- Jul 26, 2014
-
zzz authored
another escape html
-
zzz authored
-
zzz authored
Disable clients.config editing in UI
Strip single quotes too
Fix double-escaping in susimail folder page
-
zzz authored
-
zzz authored
Don't return null entries in getParameterValues() array
Log in getParameterValues() too
static
-
zzz authored
-
zzz authored
-
zzz authored
-
zzz authored
Add filter to all webapps
-
zzz authored
-
zzz authored
XSSFilter patch from str4d:
XSSFilter and XSSRequestWrapper were from http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
No provided license, but it is clearly intended for public consumption. But most of it is boilerplate provided by the Servlet Filter system. In fact, now that I have stripped out his JS-specific patterns and replaced it with the whitelist, it is effectively identical to what I would have written from scratch.
-
zzz authored
  - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
  * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
  * ExecNamingService: Disable (thx joernchen of Phenoelit)
  * Startup: Add susimail.config to migrated files
-
str4d authored
-
- Jul 23, 2014
- Jul 22, 2014
-
meeh authored
Notes: Only HTTPS and SU3 (v2) support.
-
- Jul 21, 2014
- Jul 19, 2014
- Jul 15, 2014
- Jul 14, 2014
-
zzz authored
-
- Jul 13, 2014
-
zzz authored
as the javax.naming classes are not available. Any issues with local certs will be discovered in non-Android testing.
-
- Jul 11, 2014
-
zzz authored
  - Redefine the repliable datagram signature for non-DSA_SHA1 sig types; was the sig of the SHA-256 of the payload, now the sig of the payload itself. This is an incompatible change but nobody is yet using the new sig types for datagram applications.
  - Don't pollute the hash cache with hashes of payloads
  - Check for too-big datagrams
  - Remove assertion check
  - Cleanups
-
zzz authored
-
- Jul 09, 2014