fn escape_xml(s: &str) -> StringExpand description
Escapes XML special characters to prevent prompt injection (SEC-M3).
Replaces &, <, >, ", and ' with their XML entity equivalents.
This ensures user content cannot break out of XML tags or inject malicious content.