MantisBT: master-1.2.x 243ff6f6

Author: dhx
Committer: dhx
Branch: master-1.2.x
Timestamp: 2010-08-04 10:05
Parent: f60d0cfb
Affected Issues  0012232: Multiple XSS issues with custom field enumeration values
Changeset

Fix 0012232: Multiple XSS issues with custom field enumeration values

MantisBT administrators (who can configure custom fields) can place
malicious JavaScript within the options they define for custom field
enumeration/checkbox/radio/etc field types. These HTML-unsafe options
are then printed to users throughout MantisBT (report, update, view,
etc) without sanitisation.

This is low risk due to the need to be a MantisBT administrator to
configure custom field values. Rather than being a pure security risk,
this is more a case of allowing all characters to be used safely within
custom field options.
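The bug class the commit message describes, as an added illustration that is not MantisBT code and does not reproduce the project's own helper functions: an administrator-supplied "possible values" string for an enumeration field is split on "|" and interpolated verbatim into <select> and <input type="radio"> markup, so a value containing markup becomes stored XSS for every user who views the field. The hardened variant escapes each option for the context it lands in (attribute value and element text). Function names, the sample option string and the field name are constructed for this example.

```php
<?php
// Added example, not MantisBT's code. Names below are hypothetical.

// Constructed sample "possible values" string as an administrator might enter it
// for an enumeration/radio custom field. Two of the four options carry markup.
const SAMPLE_POSSIBLE_VALUES =
    'Low|Medium|<script>alert(document.cookie)</script>|"><img src=x onerror=alert(1)>';

// Escape for use inside a double-quoted attribute value or as element text.
// ENT_QUOTES also escapes single quotes, so the result is safe in either quote style.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// VULNERABLE: every admin-controlled string is written straight into the HTML.
function render_select_unsafe(string $field_name, string $possible_values, string $selected): string
{
    $html = '<select name="' . $field_name . '">';
    foreach (explode('|', $possible_values) as $option) {
        $sel = ($option === $selected) ? ' selected="selected"' : '';
        $html .= '<option value="' . $option . '"' . $sel . '>' . $option . '</option>';
    }
    return $html . '</select>';
}

function render_radio_unsafe(string $field_name, string $possible_values, string $selected): string
{
    $html = '';
    foreach (explode('|', $possible_values) as $option) {
        $chk = ($option === $selected) ? ' checked="checked"' : '';
        $html .= '<label><input type="radio" name="' . $field_name . '" value="' . $option . '"'
               . $chk . '> ' . $option . '</label>';
    }
    return $html;
}

// HARDENED: the comparison for selected/checked still uses the raw stored value,
// but everything that reaches the page goes through esc_html().
function render_select_safe(string $field_name, string $possible_values, string $selected): string
{
    $html = '<select name="' . esc_html($field_name) . '">';
    foreach (explode('|', $possible_values) as $option) {
        $sel = ($option === $selected) ? ' selected="selected"' : '';
        $html .= '<option value="' . esc_html($option) . '"' . $sel . '>'
               . esc_html($option) . '</option>';
    }
    return $html . '</select>';
}

function render_radio_safe(string $field_name, string $possible_values, string $selected): string
{
    $html = '';
    foreach (explode('|', $possible_values) as $option) {
        $chk = ($option === $selected) ? ' checked="checked"' : '';
        $html .= '<label><input type="radio" name="' . esc_html($field_name) . '" value="'
               . esc_html($option) . '"' . $chk . '> ' . esc_html($option) . '</label>';
    }
    return $html;
}

// Crude regression check: rendered markup must contain no tag other than the ones
// the renderer itself emits. Any '<' not followed by one of those names is a leak.
function leaks_markup(string $html): bool
{
    return preg_match('#<(?!/?(select|option|label|input)\b)#i', $html) === 1;
}

foreach (['select' => ['render_select_unsafe', 'render_select_safe'],
          'radio'  => ['render_radio_unsafe',  'render_radio_safe']] as $kind => [$unsafe, $safe]) {
    $bad  = $unsafe('custom_field_1', SAMPLE_POSSIBLE_VALUES, 'Medium');
    $good = $safe('custom_field_1', SAMPLE_POSSIBLE_VALUES, 'Medium');
    printf("%-6s unsafe leaks markup: %s\n", $kind, leaks_markup($bad) ? 'yes' : 'no');
    printf("%-6s safe   leaks markup: %s\n", $kind, leaks_markup($good) ? 'yes' : 'no');
    echo $good, "\n\n";
}
```

The point the commit message makes about "allowing all characters to be used safely" is visible in the safe output: an option literally named `<script>` survives as the text `&lt;script&gt;` and round-trips through the form, because the equality test against the submitted value is done on the raw stored string, not on the escaped one.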

mod - core/cfdefs/cfdef_standard.php