Remove all functions from the auto escape list that don't return a value

[johnbillion]

Fixes #1348

[GaryJones]

Has a merge conflict.

[NielsdeBlaauw]

I've reviewed the functions removed in the current pull request. I agree with all functions removed in 1ffc427

I've also gone through the list of remaining items in the 'autoEscapedFunctions' property.
I've found the follow functions that should be reconsidered for this pull-request:

• bloginfo - only echoes, no return
• body_class - only echoes, no return
• get_search_query - with improper usage this function might not escape
• post_type_archive_title - prefix does not actually seem to be escaped
• single_cat_title - prefix does not actually seem to be escaped
• single_month_title - prefix does not actually seem to be escaped
• single_post_title - prefix does not actually seem to be escaped
• single_tag_title - prefix does not actually seem to be escaped
• the_date - first parameter is not escaped, which might be vulnerable.
• vip_powered_wpcom - Seems to be exclusively part of VIP. Does this touch the Deprecate VIP ruleset, and remove from WordPress ruleset #1309 issue?

wp_list_*, wp_nav_menu, wp_register functions don't escape some parts, but those are on purpose. However, they don't filter out dangerous html properties.

[jrfnl]

@johnbillion Thank you for the PR. Would you mind rebasing it on the current develop to make it mergable again ?

@NielsdeBlaauw Thank you for your detailed review & I look forward to your pull request for your other finds!

[jrfnl]

@johnbillion Just checking - did you see my previous message asking to rebase ?

[GaryJones]

Closing in favour of #1547 since @johnbillion hasn't fixed the merge conflict.

[GaryJones]

@NielsdeBlaauw Sorry - I missed your comment. If you want to open a PR with your recommended additional changes here, then we can take a look :-) Thanks!