Escape constant pool names in generated HTML

[rootvector2]

auditing the generated-html path surfaced that field, method, local-variable, inner-class and type/class-reference names from the constant pool are written into the Class2HTML output as element text without escaping, so a crafted .class whose pool holds a name like <script> yields stored xss in the generated pages; route them through the existing Class2HTML.toHTML that the method-name sinks already use, leaving link anchors and filenames untouched so links keep working.

• Read the contribution guidelines for this project.
• Read the ASF Generative Tooling Guidance if you use Artificial Intelligence (AI).
• I used AI to create any part of, or all of, this pull request. Which AI tool was used to create this pull request, and to what extent did it contribute?
• Run a successful build using the default Maven goal with mvn; that's mvn on the command line by itself.
• Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied. This may not always be possible, but it is a best practice.
• Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
• Each commit in the pull request should have a meaningful subject line and body.