Escape all templated text in search result screen [CVE-2022-36922]

[tdraebing]

In the search results screen the query was displayed without escaping it first. That allowed to inject arbitrary code like javascript. This was possible because the feature of Jelly to escape everything by default was disabled.

This fixes https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2812.

This is required for this plugin release request: https://github.com/jenkins-infra/repository-permissions-updater/issues/2947

• [x] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• [x] Ensure that the pull request title represents the desired changelog entry
• [x] Please describe what you did
• [x] Link to relevant issues in GitHub or Jira
• [x] Link to relevant pull requests, esp. upstream and downstream changes
• [ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue