Clarify widget output escaping guidance

[ekamran]

Summary

• Adds guidance for escaping classic widget wrapper arguments in the late_escaping check documentation.
• Recommends wp_kses_post() for wrapper HTML such as before_widget, after_widget, before_title, and after_title.
• Adds a fixture case showing the recommended widget output pattern passes the late escaping check.

Testing

• vendor/bin/phpcs --standard=WordPress --sniffs=WordPress.Security.EscapeOutput tests/phpunit/testdata/plugins/test-plugin-late-escaping-without-errors/load.php
• vendor/bin/phpcs --standard=phpcs.xml.dist tests/phpunit/testdata/plugins/test-plugin-late-escaping-without-errors/load.php
• npm run test-php -- --filter Late_Escaping_Check_Tests
• git diff --check

Fixes #946

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: ekamran <ekamran@git.wordpress.org>
Co-authored-by: akirk <akirk@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.