API: add HTML escapes in displayed data
When accessing, for instance, a revision in the web API, the JSON data is not escaped.
Example : author -> fullname in https://archive.softwareheritage.org/api/1/revision/18d8be353ed3480476f032475e7c233eff7371d5/
This makes us vulnerable to code injections and should be fixed throughout the API views.
Migrated from T640 (view on Phabricator)