* </ul>
     *
     * <p><strong>Security Note:</strong> This method MUST be called on all user-supplied
     * input before using it in LDAP search filters to prevent LDAP injection vulnerabilities.
     *
     * @param filter the LDAP search filter to escape (null is treated as empty string)
     * @return the escaped filter string safe for use in LDAP queries (empty string if filter is null)