security: add |esc_url to all template URLs, register escape Twig filters (v1.1.3)

5th OWASP Top-10 pass: added |esc_url filter to all unescaped URL outputs
across 8 Twig template partials (headers, footers, search, comments).
Registered esc_html, esc_attr, esc_url as Twig filters with is_safe option.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

views/partials/search-form.html.twig

@@ -1,4 +1,4 @@
-<form role="search" method="get" action="{{ site.url }}" class="mb-4">
+<form role="search" method="get" action="{{ site.url|esc_url }}" class="mb-4">
     <div class="input-group">
         <input type="search" class="form-control" name="s"
                placeholder="{{ __('Search...') }}"