Correctly escape user-defined names in emails

Closes #1151

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/web/templates/email/event_updated.html.heex

@@ -46,7 +46,7 @@
           <p style="margin: 0;">
             <%= gettext(
               "There have been changes for <b>%{title}</b> so we'd thought we'd let you know.",
-              title: @old_event.title
+              title: escape_html(@old_event.title)
             )
             |> raw %>
           </p>