FIX: Prevent producing "undefined" strings (#10042)

Fixes a bug in search-menu-results (type: "group"), where:

```javascript
const fullName = escapeExpression(group.fullName);
const name = escapeExpression(group.name);
const groupNames = [h("span.name", fullName || name)];
```

`groupNames` could end up having value "undefined" if a group doesn't have a `fullName`.

test/javascripts/lib/utilities-test.js

@@ -1,5 +1,6 @@
 /* global Int8Array:true */
 import {
+  escapeExpression,
   emailValid,
   extractDomainFromUrl,
   avatarUrl,
@@ -14,9 +15,30 @@ import {
   fillMissingDates,
   inCodeBlock
 } from "discourse/lib/utilities";
+import Handlebars from "handlebars";
 
 QUnit.module("lib:utilities");
 
+QUnit.test("escapeExpression", assert => {
+  assert.equal(
+    escapeExpression(">"),
+    ">",
+    "escapes unsafe characters"
+  );
+
+  assert.equal(
+    escapeExpression(new Handlebars.SafeString(">")),
+    ">",
+    "does not double-escape safe strings"
+  );
+
+  assert.equal(
+    escapeExpression(undefined),
+    "",
+    "returns a falsy string when given a falsy value"
+  );
+});
+
 QUnit.test("emailValid", assert => {
   assert.ok(
     emailValid("Bob@example.com"),