cleodora
cleosrv: Automatically ensure all textual input is HTML escaped to prevent XSS
It's already the case for forecast creation, but it's easy to forget when adding new operations. Ideally it should be the default for any textual input. In a later increment it might be desirable to allow for some safe HTML so people can style e.g. the forecast description. Alternatively, supporting Markdown would be great.
Related to #257
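One way to make escaping the default rather than a per-operation step, as an added example that is not part of the original issue or cleosrv's code: a reflection walker that HTML-escapes every string field of an input value, so new operations are covered without extra work. The `NewForecast` and `NewOutcome` types and the `EscapeStrings` helper are hypothetical names.

```go
package main

import (
	"fmt"
	"html"
	"reflect"
)

// Hypothetical input types, standing in for a server's mutation inputs.
type NewOutcome struct{ Text string }
type NewForecast struct {
	Title       string
	Description *string // optional field
	Outcomes    []*NewOutcome
}

// EscapeStrings HTML-escapes every exported string reachable from v, which
// must be a pointer. Call it exactly once at the input boundary: escaping
// twice turns "&amp;" into "&amp;amp;". Map values are not handled here.
func EscapeStrings(v any) { escapeValue(reflect.ValueOf(v)) }

func escapeValue(v reflect.Value) {
	switch v.Kind() {
	case reflect.Ptr, reflect.Interface:
		if !v.IsNil() {
			escapeValue(v.Elem())
		}
	case reflect.Struct:
		for i := 0; i < v.NumField(); i++ {
			if v.Type().Field(i).IsExported() { // skip unexported fields
				escapeValue(v.Field(i))
			}
		}
	case reflect.Slice, reflect.Array:
		for i := 0; i < v.Len(); i++ {
			escapeValue(v.Index(i))
		}
	case reflect.String:
		if v.CanSet() {
			v.SetString(html.EscapeString(v.String()))
		}
	}
}

func main() {
	desc := "<script>alert(1)</script>" // constructed sample input
	in := &NewForecast{Title: "Will <b>X</b> happen?", Description: &desc,
		Outcomes: []*NewOutcome{{Text: "Yes & no"}}}
	EscapeStrings(in)
	fmt.Println(in.Title, *in.Description, in.Outcomes[0].Text)
}
```

Hooking such a helper into the single place where all operation inputs are decoded is what makes it the default; a later allowance for safe HTML or Markdown would replace `html.EscapeString` with a sanitizer at the same point.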