Twig
add json extension to FileExtensionEscapingStrategy (security)
why
People tend to forget that the default escaping strategy, which guesses the filter from the file extension, does not apply the correct escape filter to json.twig templates.
This causes a huge security hole in such projects because the default html filter allows too much through (it leaves backslashes, control characters and newlines untouched, so a value can break out of a JSON string).
what
add to FileExtensionEscapingStrategy.php
...
case 'json':
return 'js';
...
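As an added example (not Twig's own code), the proposed mapping applied today through Twig's autoescape callable, which receives the template name; it assumes Twig 2 or 3 installed via Composer and reuses the built-in guess for every other extension:

```php
<?php
// Added example, not part of Twig: wrap FileExtensionEscapingStrategy::guess
// and add the 'json' => 'js' mapping proposed in the issue.
// Assumes twig/twig (2.x or 3.x) is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\FileExtensionEscapingStrategy;
use Twig\Loader\ArrayLoader;

// Mirror the built-in strategy: strip a trailing ".twig", then look at the
// remaining extension. Only the json case is new; everything else falls
// back to Twig's guess (js, css, txt, html).
function guessStrategyWithJson(string $name)
{
    if ('.twig' === substr($name, -5)) {
        $name = substr($name, 0, -5);
    }
    if ('json' === pathinfo($name, PATHINFO_EXTENSION)) {
        return 'js';
    }

    return FileExtensionEscapingStrategy::guess($name);
}

// Constructed template and hostile value for the demonstration.
$loader = new ArrayLoader([
    'user.json.twig' => '{"name": "{{ name }}"}',
]);
$input = ['name' => "O'Neil\\\" \n</script>"];

// 'name' is Twig's built-in extension guessing: json.twig falls through to html.
$builtin = new Environment($loader, ['autoescape' => 'name']);

// A Closure must be passed here: a plain string would be read as a strategy name.
$fixed = new Environment($loader, [
    'autoescape' => fn (string $name) => guessStrategyWithJson($name),
]);

// html escaping keeps the backslash and the raw newline: invalid JSON, and
// the quote is only entity-encoded, so the data is silently corrupted.
echo $builtin->render('user.json.twig', $input), "\n";

// js escaping encodes every non-alphanumeric character (\uHHHH / \n), so the
// value stays inside the JSON string no matter what it contains.
echo $fixed->render('user.json.twig', $input), "\n";
```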