When serializing dyad-tags, special characters (& < > ") are escaped.
When deserializing/parsing, these need to be unescaped to get the
original values. This fixes issues where escaped characters like &lt;
would appear literally in the UI or processed values.

Changes:
- Add shared/xmlEscape.ts with escape/unescape utilities
- Update DyadMarkdownParser.tsx to unescape attributes and content
- Update dyad_tag_parser.ts to unescape all parsed values
- Consolidate duplicate escape functions to use shared utilities
- Add comprehensive tests for the escape/unescape roundtrip

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Fixes incorrect literal XML entities by unescaping dyad-tag attributes
and inner content during parse, and centralizes escape helpers.
> 
> - **Shared utils**: Add `shared/xmlEscape.ts` with
`escapeXmlAttr|Content` and `unescapeXmlAttr|Content`; remove duplicate
implementations and re-export in local agent tools
> - **Parsing/rendering**: Update `DyadMarkdownParser` and
`dyad_tag_parser` to unescape attributes/content for all relevant tags
(write/rename/delete/search-replace/execute-sql/chat-summary/command)
> - **Problem reports**: Generate `<dyad-problem-report>` using
`escapeXmlAttr` for attributes and `escapeXmlContent` for messages
> - **Local agent**: Use shared escaping in `xml_tool_translator` and
related tooling
> - **Tests/E2E**: Add comprehensive `xmlEscape` unit tests; update grep
snapshots to expect raw JSX/HTML characters
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0e1be9ad5d5cf0300cc1cf5bd361b1fd44f61ad7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes XML escaping for dyad-tags by unescaping attributes and content
during parsing so original values render and process correctly. Prevents
literal entities like &lt; showing in the UI and tools.

- **Bug Fixes**
- Unescape tag attributes and inner content in DyadMarkdownParser and
dyad_tag_parser.
- Correct attribute and content escaping in dyad-problem-report
generation.
  - Add roundtrip tests for attribute and content escape/unescape.
- Update local agent grep E2E snapshots to expect raw JSX/HTML
characters.

- **Refactors**
- Introduce shared/xmlEscape with escape/unescape helpers for attributes
and content.
- Remove duplicate implementations and update IPC/local agent callers to
use shared utilities.

<sup>Written for commit 0e1be9ad5d5cf0300cc1cf5bd361b1fd44f61ad7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>