
    Fix escaping issues with the new Markdown support.

    Review Request #6568 — Created Nov. 7, 2014 and submitted — Latest diff uploaded

    Information

    Review Board
    release-2.0.x
    5cd7610...

    Text normalized for edit worked fine when being injected straight into
    JavaScript code using the normalize_text_for_edit template tag, but it
    didn't work so well for data-raw-value= attributes, nor did it work for
    comment arrays for review UIs/diff viewer.

    We now default to HTML-escaping text, and only turn this off in the case
    where we're outputting to JavaScript code using the template tag.

    This prevents things like &amp; from turning into &, and double quotes
    from breaking data attributes.

    Unit tests were added to cover the various cases.

    Manually tested rich and plain text comments with HTML-unsafe characters,
    injected through data attributes and in JavaScript. Checked raw HTML source,
    and didn't see any issues.

    Added new unit tests, which pass.
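
The context-dependent escaping described above, as an added example that is not Review Board's code: `render_attr`, `read_attr` and `render_js` are hypothetical helpers, the sample strings are constructed, and Python's `html.parser` stands in for the browser's attribute decoding.

```python
import json
from html import escape
from html.parser import HTMLParser


class _AttrReader(HTMLParser):
    """Decode data-raw-value the way an HTML parser does (entities resolved)."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "data-raw-value":
                self.value = value


def render_attr(text, escape_html=True):
    """Hypothetical helper: place editable text in a data attribute."""
    value = escape(text, quote=True) if escape_html else text
    return '<pre data-raw-value="%s"></pre>' % value


def read_attr(markup):
    """Return what client code would read back from data-raw-value."""
    reader = _AttrReader()
    reader.feed(markup)
    reader.close()
    return reader.value


def render_js(text, escape_html=False):
    """Hypothetical helper: emit text as a JavaScript string literal."""
    return json.dumps(escape(text, quote=True) if escape_html else text)


# Constructed sample inputs: text a user typed into a comment field.
AMP = "Write &amp; to show an ampersand"
QUOTED = 'He said "hi" & left'

if __name__ == "__main__":
    for sample in (AMP, QUOTED):
        print("attr, unescaped:", repr(read_attr(render_attr(sample, False))))
        print("attr, escaped:  ", repr(read_attr(render_attr(sample))))
        print("js, unescaped:  ", repr(json.loads(render_js(sample))))
        print("js, escaped:    ", repr(json.loads(render_js(sample, True))))
```

The attribute only round-trips when the text is HTML-escaped, while the JavaScript literal only round-trips when it is not, because entities are not decoded inside script code.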