luci-mod-network: escape WiFi SSID on Scanning AP modal
author Christian Marangi <redacted>
Thu, 12 Mar 2026 15:07:49 +0000 (16:07 +0100)
committer Christian Marangi <redacted>
Fri, 13 Mar 2026 18:15:53 +0000 (19:15 +0100)
commit 068150ba5f524ef6b03817b258d31ec310053fd6
tree e5036ff268bcfa9aa96e551bf7dcdcdc50266b9d
parent 5e9c736a9c661b6d2aec11022cecc59f40f6b628
luci-mod-network: escape WiFi SSID on Scanning AP modal

After the ES2016 rework, a very old bug was reverted where the WiFi SSID was
treated as raw HTML and directly appended to the DOM.

This might result in an XSS vulnerability with a specially crafted SSID from
an Access Point nearby.

This is only triggered on opening the modal as the normal wireless.js view
doesn't scan the Access Point.

To fix this and make it clearer that the SSID must always be escaped, move the
SSID handling to a dedicated variable and use document.createTextNode()
to escape it, similar to how it's done in similar places like
channel_analysis.js.

Fixes: cdce600aaec6 ("luci-mod-network: give wireless.js ES2016 treatment and refactor")
Reported-by: Sasha Romijn <redacted>
Signed-off-by: Christian Marangi <redacted>
modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
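
The difference the commit message describes, as an added example that is not LuCI's code and not part of this commit: an SSID assigned as raw HTML next to the same SSID wrapped with document.createTextNode(). The use of `innerHTML` for the raw-HTML path, the function names, the `fakeDocument` stand-in (so the block runs under Node) and the sample SSID are assumptions constructed for illustration.

```javascript
// Added example, not LuCI code. fakeDocument is a constructed stand-in that
// models only what matters here, so the block runs under Node; in a browser,
// pass the real `document` and read td.outerHTML the same way.
const escapeText = s =>
  s.replace(/[&<>]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' }[c]));

class FakeElement {
  constructor(tag) { this.tag = tag; this.children = []; this.raw = null; }
  appendChild(node) { this.children.push(node); return node; }
  // Assigning innerHTML hands the string to the HTML parser: markup stays markup.
  set innerHTML(html) { this.children = []; this.raw = html; }
  get outerHTML() {
    const inner = this.raw !== null
      ? this.raw
      : this.children.map(c => c.outerHTML).join('');
    return `<${this.tag}>${inner}</${this.tag}>`;
  }
}

const fakeDocument = {
  createElement: tag => new FakeElement(tag),
  // A text node is data, never markup; it serializes with &, < and > escaped.
  createTextNode: text => ({ outerHTML: escapeText(String(text)) }),
};

// Pattern described as the bug: the scanned SSID is treated as raw HTML.
// (innerHTML is an assumption standing in for the raw-HTML path.)
function ssidCellRaw(doc, ssid) {
  const td = doc.createElement('td');
  td.innerHTML = ssid;
  return td;
}

// Pattern described as the fix: a dedicated variable holding a text node.
function ssidCellEscaped(doc, ssid) {
  const td = doc.createElement('td');
  const ssidNode = doc.createTextNode(ssid);
  td.appendChild(ssidNode);
  return td;
}

// Constructed scan result: the SSID is chosen by whoever runs the access point.
const scannedSsid = '<b>Guest</b> & Co';

console.log(ssidCellRaw(fakeDocument, scannedSsid).outerHTML);     // markup survives
console.log(ssidCellEscaped(fakeDocument, scannedSsid).outerHTML); // shown as literal text
```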