Escape return path extra params to php mail()

Escape return path extra params to php mail()

PHP only escapes some dangerous shell characters. This is a hardening
measure, as MW's sanitizeEmail routines should also have prevented
evil characters from being in mail addresses in the first place.

Bug: T152717
Change-Id: I3736d612ed40d257ee3dde8e98eb30ccf432670a