[GEOS-11153] Improve handling special characters in the WMS OpenLayers Format

[sikeoka]

This PR updates the WMS OpenLayers Format to properly escape special characters from GeoServer catalog information.

Checklist

• I have read the contribution guidelines.
• I have sent a Contribution Licence Agreement (not required for small changes, e.g., fixing typos in documentation).
• First PR targets the main branch (backports managed later; ignore for branch specific issues).
• All the build checks are green (see automated QA checks).

For core and extension modules:

• New unit tests have been added covering the changes.
• Documentation has been updated (if change is visible to end users).
• The REST API docs have been updated (when changing configuration objects or the REST controllers).
• There is an issue in the GeoServer Jira (except for changes that do not affect administrators or end users in any way).
• Commit message(s) must be in the form [GEOS-XYZWV] Title of the Jira ticket.
• Bug fixes and small new features are presented as a single commit.
• Each commit has a single objective (if there are multiple commits, each has a separate JIRA ticket describing its goal).

[aaime]

Confused about escaping done in different places, see below.

[aaime]

Why are the other parameters escaped in the template, while this one is escaped in Java code?

[sikeoka]

I wasn't sure what to do with this one. The FreeMarker ?html directive is deprecated in favor of auto-escaping but HTML auto-escaping will escape the contents of script tags so that they may not be entirely correct JavaScript. The ?js_string directive is not deprecated.

[aaime]

I see, the explanation makes sense, thanks!