mod_negotiation: Escape filenames in variant list

      to prevent an possible XSS for a site where untrusted
users can upload files to a location with MultiViews
enabled.

SECURITY: CVE-2012-2687 (cve.mitre.org):

Submitted by: Niels Heinen <heinenn google.com>

Reviewed by: trawick, wrowe
Backported by: rjung


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1374421 13f79535-47bb-0310-9956-ffa450edef68