Fixes #12745 - Escape text passed as display values to slim-select

[kkthxbye-code]

Fixes: #12745

Adds js dependencies html-entities (yes, there really is no built-in method for this is js) and escapes display text passed to slim-select.

[kkthxbye-code]

Should fix all 15 of these CVE's: https://github.com/anhdq201/netbox/issues however there might be other places where we pass unescaped HTML from the API to a library. Ideally I believe slim-select should do this escaping, but slim-select 1.x is deprecated and seemingly completely abandoned. slim-select 2.x is a complete rewrite and not compatible at all.

I've requested that MITRE fold the 15 CVE's into one CVE as their rules state that they must be:

https://www.cve.org/ResourcesSupport/AllResources/CNARules

Section 7.2

The CVE Program expects separate CVE IDs to be assigned to
independently fixable vulnerabilities. If one vulnerability can be
fixed without fixing the other, then the vulnerabilities should
receive separate CVE IDs.

As these are not independently fixable, one CVE should have been created instead of 15.

[jeremystretch]

Thanks for digging into this @kkthxbye-code!