♻️ Refactor logic to handle OpenAPI and Swagger UI escaping data by tiangolo · Pull Request #14986 · fastapi/fastapi
♻️ Refactor logic to handle OpenAPI and Swagger UI escaping data
OpenAPI, do not store root_path in servers: the only way this could be a problem is if there were a misconfigured proxy that somehow allowed an attacker client to set x-forwarded-* headers and passed them along. For a proxy (or server) to do this, it normally has to be intentionally/explicitly misconfigured. But again, it doesn't hurt to have it there.
Escape Swagger UI configs: I wouldn't consider this really important; the Swagger UI logic takes only data from the same developer building the app. I don't see a feasible scenario where this could be a problem, but it probably also doesn't hurt much to have it there.
I received several "security reports" with this; I suspect some automated scanning tool that checks any JSON inside of HTML or similar. I don't consider these security issues, but I also think it's probably fine to have these changes.
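The escaping the second item refers to, as an added illustration for this page (example code, not FastAPI's implementation): a JSON document interpolated into an HTML `<script>` element is cut by the HTML tokenizer at the first literal `</script`, regardless of JavaScript string quoting, so `<`, `>` and `&` are re-encoded as JSON `\uXXXX` escapes that JavaScript still decodes to the same value. The template in `render_swagger_page`, the helper names and the `HOSTILE_CONFIG` value are assumptions constructed for the demonstration.

```python
import json
import re

# JSON dropped verbatim into an HTML <script> element is seen by the HTML
# tokenizer before the JavaScript engine: a literal "</script" inside a JSON
# string closes the element no matter what the JS grammar says. Re-encoding
# these three characters as JSON \uXXXX escapes keeps the payload valid JSON
# (JSON.parse and JS object literals accept them) while the HTML parser never
# sees a raw "<", ">" or "&".
_SCRIPT_UNSAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def json_for_script(value) -> str:
    """Serialize `value` as JSON that is safe to interpolate into <script>."""
    # ensure_ascii=True (the default) already turns every non-ASCII code point,
    # including the U+2028/U+2029 line terminators, into \uXXXX escapes.
    raw = json.dumps(value)
    return "".join(_SCRIPT_UNSAFE.get(ch, ch) for ch in raw)


def render_swagger_page(config: dict, escape: bool = True) -> str:
    """Minimal stand-in for a Swagger UI HTML shell (hypothetical template,
    not FastAPI's). escape=False reproduces the unescaped interpolation."""
    payload = json_for_script(config) if escape else json.dumps(config)
    return (
        "<!DOCTYPE html>\n<html><body>\n"
        '<div id="swagger-ui"></div>\n'
        "<script>\n"
        f"const ui = SwaggerUIBundle({payload});\n"
        "</script>\n"
        "</body></html>\n"
    )


def script_bodies(html: str) -> list:
    """Split out <script> bodies the way a browser does: the element ends at
    the first literal '</script', regardless of quotes or JS syntax."""
    return re.findall(r"<script[^>]*>(.*?)</script", html, flags=re.I | re.S)


def roundtrips(value) -> bool:
    """The escaped form must still decode to exactly the original data."""
    return json.loads(json_for_script(value)) == value


# Constructed sample: a config value carrying a script-breakout payload.
HOSTILE_CONFIG = {
    "url": "/openapi.json",
    "dom_id": "#swagger-ui",
    "title": 'API </script><script>alert("xss")</script>',
}

if __name__ == "__main__":
    unsafe = render_swagger_page(HOSTILE_CONFIG, escape=False)
    safe = render_swagger_page(HOSTILE_CONFIG, escape=True)
    print("script elements, unescaped:", len(script_bodies(unsafe)))  # 2
    print("script elements, escaped:  ", len(script_bodies(safe)))    # 1
    print("escaped JSON still decodes:", roundtrips(HOSTILE_CONFIG))  # True
```

`script_bodies` is the check an automated scanner effectively performs: with the raw interpolation the page contains two script elements, one of them attacker-controlled; with the escaped form it contains one, and `roundtrips` confirms the config Swagger UI receives is unchanged. The transformation is the same whether the config comes from the developer or from an untrusted source, which is why it is cheap to apply unconditionally.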