Add new escaping methods from Magento 2.2 to XSS sniff whitelist

[schmengler]

escapeHtmlAttr is already allowed because it contains "Html"

[schmengler]

I also added getJsLayout() because it returns JSON which does not need additional escaping in JS context, where it is used.

For a future PR, it would be nice to allow all methods that contain "Js" or "Json", just like all methods containing "Html" are allowed.

[lenaorobei]

Thank you @schmengler!