Escape SAML attributes values to avoid xml exceptions

[siacomuzzi]

For example, in ASP.NET when an attribute value contains '&' char, WIF returns an error.

picture: https://secure.gravatar.com/avatar/5426f6b9d63ad92d60e6fe9fdf83aa21?s=480&r=pg&d=https%3A%2F%2Fssl.gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png

Unexpected end of file. Following elements are not closed: AttributeValue, Attribute, AttributeStatement, Assertion, RequestedSecurityToken, RequestSecurityTokenResponse.