VML plugin: replace 'gvputs(… html_string(…))' with 'xml_escape' functionality

VML plugin: replace 'gvputs(… html_string(…))' with 'xml_escape' functionality

This is further work towards unifying the XML escaping code (#1868). This change
has no functional impact but makes this processing slightly more efficient
(escaped text is emitted directly into the target file/stream instead of first
constructed in an intermediate buffer) and thread safe (a static buffer is no
longer used for escaping). The latter is not so significant as other factors
make it still unsafe to call into this plugin with multiple threads.