ldap: fix character escaping

Character escaping existed but it didn't work properly.
This should fix it by using hexadecimal escaping. Granted,
the implementation is probably a bit overkill (it should
support anything using more than 1 byte); Postel's law
applies.

Bug: T373269