add escapes suitable for HTML embedding

[clarkevans]

Often, I've seen JSON used to encode content so that it could be included in a <script tag within Pluto.jl notebooks. However, within a HTML <script> tag, additional escaping is needed:

The easiest and safest way to avoid the rather strange restrictions described in this section is to always escape an ASCII case-insensitive match for "<!--" as "<\!--", "<script" as "<\script", and "</script" as "<\/script" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or comments), and to avoid writing code that uses such constructs in expressions.

The issue here is that JSON doesn't like \\!, \\s, and \\S, so I suppose one would have to use the equivalent unicode escape sequences: "<!" as "<\\u0021", "<s" as "<\\u0073", "<S" as "<\\u0053", and "</" as "<\\/".

It'd be perhaps useful to additionally escape these sequences. It won't hurt normal JSON encodings, but would make JSON safe for making Javascript content to be embedded in HTML.

[quinnj]

Hmmmm, we could maybe provide a small helper to make json HTML safe that did the replace call for you on the required characters. I hesitate though because it would be such a small one-liner w/ probably not a ton of usage outside very specific use-cases, while expanding the public API of the package. I'd be open to a PR if someone wanted to try implementing a JSON.htmlsafe(json) to do the replace + tests.