[8.x] Fix model serialization on anonymous components

[taylorotwell]

Fixes #39232

When rendering anonymous components, we do not know which attributes passed to the components are going to be used as "props" (not sanitized) vs. "attributes" (sanitized since they are likely going to be rendered into the DOM directly). With class based components we do not have this issue since we can determine which attributes are actually props by looking at the properties on the class.

Therefore, when using anonymous components, we pass every attribute as both a prop and an attribute and then the @props directive removes the specified props from the $attributes bag. However, in the process of passing everything as attributes, every object with a __toString method gets escaped - I guess because we assumed they would be rendered in the DOM?

Anyways, that is pretty undesirable in the case of Eloquent models and collections especially because the serialization process could be resource intensive if it loads additional relationships.

In order to try to solve this in a way that is as backwards-compatible as possible (in case people really are putting JSON serialized models into the DOM, I introduced a new CanBeEscapedWhenConvertedToString interface which models and collections can use.

When the Blade attribute sanitization method encounters an object of this type, we will invoke the method defined by the contract which states that when this object is converted to a string it should be escaped. Therefore, if people really do try to render this object as a string it will still be escaped.

---

Would appreciate any feedback on this if anyone has a better idea or sees any downfalls with this approach.

[stevebauman]

Nice, I think this is a good solution 👍

Though, the interface name is a bit long imo, what do you think about EscapeableWhenStringified?