Escape filter results by default

[johannhof]

So this is a pretty large change I think, but as far as I understand the original Liquid HTML escapes everything that goes into filters by default, or something. Someone would have to check what exactly gets escaped in Liquid and do the same escaping in liquid-rust. It just states

It needs to be non evaling and secure. Liquid templates are made so that users can edit them. You don't want to run code on your server which your users wrote.

which is pretty vague.

Could use https://github.com/skade/escapade

[epage]

A thought I have on this

• Add the ability to set a global auto-escape filter on the ParserBuilder
• Support file-extension overrides of the global auto-escape filter.
  • Until #323 is implemented, this will only work with partial-templates
• Possibly support the ability to set the autoescape for a template on a one-off basis.