fix: don't over-escape page title

[crowlbot]

The page <title> was rendered with the registry-wide handlebars escaper (html_escape::encode_safe), which escapes characters that are harmless in plain text content — most notably /. As a result a module/symbol/package name like I/O was rendered as:

<title>I&#x2F;O - Deno documentation</title>

Fix

Render the title through a small escape_text handlebars helper that only escapes the characters that are meaningful in text content (&, <, >). The title now reads:

<title>I/O - Deno documentation</title>

HTML-special characters in symbol names are still escaped, so a title can never break out of the <title> element. The existing XSS fixture (Foo.prototype."><img src=x onerror=alert(1)>) confirms this: < and > remain </>; only the now-unnecessary " is dropped.

The registry-wide escaper is intentionally left unchanged, so escaping of attribute/URL values elsewhere on the page is unaffected.

Tests

Added two regression tests to tests/html_test.rs:

• title_does_not_over_escape_slash — a scoped package name (@deno/cool) renders an unescaped / in the title.
• title_escapes_html_special_chars — a property name containing <script> is still escaped in the title.

Fixes #647

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}