We were using Django's escape() for review request summaries, which

covers a variety of characters. However, Slack expects that only &, <

and > will ever be escaped, and will show any other entities as-is.
This change adds our own escaping logic in order to not leak entities in

the summaries.

Posted a change with a variety of things that Django would escape. All

characters looked fine in the link.