CRM-21006 - Escape all title and alt attributes
author: Sean Madsen <sean@seanmadsen.com>, Wed, 20 Sep 2017 00:07:02 +0000 (18:07 -0600)
committer: Seamus Lee <seamuslee001@gmail.com>, Wed, 20 Sep 2017 01:12:26 +0000 (11:12 +1000)
commit: f03ef825825b5ae35c2a4cf276bb24d7eb289ba6
tree: 054ad9a024c80c93b307380f0a6341ea670acf32
parent: 9e63fff037a8331c27d57fcdfb6c75d4874018e1
CRM-21006 - Escape all title and alt attributes

This commit opportunistically adds HTML output encoding to all Smarty
variables any time they appear within an HTML `title` or `alt`
attribute. Why? Because this helps us prevent XSS and is very very
unlikely to cause any unwanted side effects.

Code locations found by searching the `templates` directory for:

(title|alt)=(['"])((?!\2).)*\{\$((?!(\|(escape|crmDate))|\}).)+\}((?!\2).)*\2
17 files changed:
templates/CRM/Activity/Form/ActivityLinks.tpl
templates/CRM/Admin/Page/Admin.tpl
templates/CRM/Admin/Page/ConfigTaskList.tpl
templates/CRM/Contact/Form/Edit/Tagtree.tpl
templates/CRM/Contact/Page/Inline/Actions.tpl
templates/CRM/Contact/Page/View/Summary.tpl
templates/CRM/Contribute/Form/Contribution/PremiumBlock.tpl
templates/CRM/Dashlet/Page/Blog.tpl
templates/CRM/Event/Page/DashBoard.tpl
templates/CRM/Friend/Form.tpl
templates/CRM/Report/Form/Contact/Detail.tpl
templates/CRM/Report/Form/Fields.tpl
templates/CRM/Report/Form/Layout/Overlay.tpl
templates/CRM/Report/Form/Layout/Table.tpl
templates/CRM/Report/Page/InstanceList.tpl
templates/CRM/Tag/Form/Tagtree.tpl
templates/CRM/common/TabHeader.tpl
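As an added example (not part of this commit or the CiviCRM code base), the following Python script compiles the search pattern from the commit message as written, reports every `title`/`alt` attribute in a constructed piece of Smarty template text that interpolates a variable without `|escape` or `|crmDate`, and applies the commit's remedy by appending `|escape` to each such variable. The sample template is constructed for the demonstration; the helper names are this example's own.

```python
import re

# The search pattern from the commit message, compiled as written: a title= or alt=
# attribute whose quoted value contains a Smarty {$...} variable carrying neither
# an |escape nor a |crmDate modifier. Group 2 holds the quote character and the
# (?!\2) lookaheads keep the match inside that one attribute value.
UNESCAPED_ATTR_RE = re.compile(
    r"""(title|alt)=(['"])((?!\2).)*\{\$((?!(\|(escape|crmDate))|\}).)+\}((?!\2).)*\2"""
)

# A single Smarty variable lacking |escape or |crmDate (used for the rewrite step).
SMARTY_VAR_RE = re.compile(r"\{\$((?:(?!\|(?:escape|crmDate)|\}).)+)\}")

# Constructed sample template text (not from the CiviCRM code base).
SAMPLE_TPL = """\
<a href="#" title="{ts}Edit{/ts}">edit</a>
<img src="x.png" alt="{$row.label}" title="{$row.label|escape}" />
<span title="{$contact.display_name|upper} ({$contact.id})">name</span>
<img alt="{$date|crmDate}" />
"""


def find_unescaped(tpl_text):
    """Return (line_number, attribute_text) for every title/alt attribute that
    interpolates a Smarty variable without output encoding."""
    hits = []
    for lineno, line in enumerate(tpl_text.splitlines(), start=1):
        for m in UNESCAPED_ATTR_RE.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits


def escape_attr(attr_text):
    """Append |escape to each unescaped Smarty variable inside one attribute."""
    return SMARTY_VAR_RE.sub(lambda m: "{$" + m.group(1) + "|escape}", attr_text)


def fix_template(tpl_text):
    """Apply escape_attr to every flagged attribute; already-escaped ones are untouched."""
    return UNESCAPED_ATTR_RE.sub(lambda m: escape_attr(m.group(0)), tpl_text)


if __name__ == "__main__":
    for lineno, attr in find_unescaped(SAMPLE_TPL):
        print(f"line {lineno}: {attr}")
    print(fix_template(SAMPLE_TPL))
```

Running `find_unescaped` again on the output of `fix_template` returns no hits, which is the check a reviewer would want before trusting a mechanical rewrite of this kind.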