Add note about HTML escaping by default for form-related attribute processors

[ultraq]

From: thymeleaf/thymeleaf#877 Could be very useful to add a note that HTML escaping is on by default in Thymeleaf's form-related attribute processors, particularly for those coming from JSPs who used the htmlEscape value there and are looking for Thymeleaf's equivalent.