Include XSS prevention in REST API examples

Even though classes like `AirlineServlet` do not output HTML, the code really should do something to protect against XSS attacks.  It would be a good example.

Here are some ideas from OWASP:

https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html#htmljavascriptcss