Escape room name in sync permission error message

The room string is already constrained by REST schema regex
validation, but esc_html() future-proofs against the regex
loosening or the message being reused in an HTML context.

Author: josephfusco

src/wp-includes/collaboration/class-wp-http-polling-sync-server.php

@@ -198,7 +198,7 @@ public function check_permissions( WP_REST_Request $request ) {
 					sprintf(
 						/* translators: %s: The room name encodes the current entity being synced. */
 						__( 'You do not have permission to sync this entity: %s.' ),
-						$room
+						esc_html( $room )
 					),
 					array( 'status' => rest_authorization_required_code() )
 				);