Disallow <! in <script>

Summary:
HTML5 has this crazy script escaping states:

• Script data escaped dash dash state
• Script data double escaped state

https://communities.coverity.com/blogs/security/2012/11/16/did-i-do-that-html-5-js-escapers-3

Perhaps <! is too aggressive but I didn't spend much time searching for a more fine grained expression.

Test Plan: Searched for renderInlineScript().

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D7329