When rendering CSS/JS bundles for extensions in a developer setup (with

PIPELINE_ENABLED=False), the resulting HTML would be escaped, causing

garbage on the page and preventing the bundles from loading. This was

due to the lack of a mark_safe() when rendering source files within

Pipeline (as that's normally handled later in their standard template

tag process), and the modern behavior to automatically escape unless

explicitly marked safe.
This simply adds a mark_safe() around the resulting HTML, and

introduces new unit tests to check for these conditions.

Unit tests pass.
No longer saw escaped HTML for bundles on the page.