parser: DOM rendering doesn't escape single quotes in attributes

## Description

\`crates/ironhtml-parser/src/dom.rs:382-389\` — the parser's attribute rendering does not escape single quotes (\`'\`), while the builder's \`escape_attr\` escapes them to \`&#x27;\`.

This is an inconsistency between the two rendering paths that could lead to XSS in edge cases where attribute values contain single quotes and the HTML is rendered with single-quoted attributes.