Coding Standards: Escape the whole attributes in `wp-admin/includes/nav-menu.php`.

It is best to always escape the complete value of an attribute, not a partial value, as otherwise the escaping could be (partially) undone when the values are joined together.

While the hardcoded prefix/suffix values in this case don't necessarily create that risk, those may change to values which could be problematic, so making it a habit to escape the value in one go is best practice.

Includes:
* Moving a few `esc_url()` calls closer to the actual output and escaping the hash parts too.
* Wrapping a few long lines for better readability.

Follow-up to [14248], [23707], [42217], [55615].

Props jrf, SergeyBiryukov.
Fixes #57110.
Built from https://develop.svn.wordpress.org/trunk@55616


git-svn-id: http://core.svn.wordpress.org/trunk@55128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
SergeyBiryukov committed Apr 1, 2023
1 parent 6ccbf0e commit df4ed40
Showing 2 changed files with 284 additions and 73 deletions.
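
The commit message's point about escaping the complete attribute value, shown as an added example (not code from this commit or from WordPress). The helper `escape_attr()` is a hypothetical stand-in built on PHP's `htmlspecialchars()`, not WordPress's `esc_attr()`, and the prefixes and values are constructed.

```php
<?php
// Hypothetical stand-in escaper so this runs without WordPress (assumption).
function escape_attr( string $value ): string {
	return htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' );
}

// Partial escaping: only the dynamic part is escaped; the prefix is output as-is.
function attr_partial( string $prefix, string $dynamic ): string {
	return $prefix . escape_attr( $dynamic );
}

// Whole-value escaping: join first, then escape once, right at output.
function attr_whole( string $prefix, string $dynamic ): string {
	return escape_attr( $prefix . $dynamic );
}

// Approximates what a browser does with the emitted attribute text: a raw
// double quote ends the attribute early; otherwise entities are decoded.
function browser_value( string $emitted ): ?string {
	if ( false !== strpos( $emitted, '"' ) ) {
		return null; // Attribute terminated early, markup is broken.
	}
	return htmlspecialchars_decode( $emitted, ENT_QUOTES );
}

// Constructed sample values, not taken from nav-menu.php.
$cases = array(
	array( 'menu-item-', '42' ),        // Harmless hardcoded prefix.
	array( 'menu "main" item-', '42' ), // Prefix later edited to contain quotes.
	array( 'section&', 'lt;42' ),       // Joining forms the entity "&lt;".
);

foreach ( $cases as list( $prefix, $dynamic ) ) {
	$intended = $prefix . $dynamic;
	foreach ( array( 'partial' => 'attr_partial', 'whole' => 'attr_whole' ) as $label => $fn ) {
		$emitted = $fn( $prefix, $dynamic );
		$ok      = browser_value( $emitted ) === $intended;
		printf( "%-7s id=\"%s\" => %s\n", $label, $emitted, $ok ? 'value preserved' : 'value changed or markup broken' );
	}
}
```

With the harmless prefix both forms agree; once the prefix contains a quote or ends in `&`, only the whole-value form still yields the intended attribute value.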