Users: Add missing escaping on the Add New User screen.

While the `$type` and `$label` variables are set to values that do not currently require escaping, this may change in the future, so it is preferable to add the escaping as a defensive coding measure.

Follow-up to [16294], [29030].

Props monzuralam, rudlinkon, hztyfoon, peterwilsoncc.
Fixes #57133.

git-svn-id: https://develop.svn.wordpress.org/trunk@54857 602fd350-edb4-49c9-b593-d223f7449a82

Author: SergeyBiryukov

src/wp-admin/user-new.php

@@ -442,8 +442,8 @@
 
 <table class="form-table" role="presentation">
 	<tr class="form-field form-required">
-		<th scope="row"><label for="adduser-email"><?php echo $label; ?></label></th>
-		<td><input name="email" type="<?php echo $type; ?>" id="adduser-email" class="wp-suggest-user" value="" /></td>
+		<th scope="row"><label for="adduser-email"><?php echo esc_html( $label ); ?></label></th>
+		<td><input name="email" type="<?php echo esc_attr( $type ); ?>" id="adduser-email" class="wp-suggest-user" value="" /></td>
 	</tr>
 	<tr class="form-field">
 		<th scope="row"><label for="adduser-role"><?php _e( 'Role' ); ?></label></th>