Forcing HTML to be escaped with Twig
i did not have to intentionally do what the Twig documentation warns against (putting the escape strategy in a variable, so that Twig doesn’t know )
Likewise, {% autoescape 'html' %}
was no help.
In the Drupal context, what worked was first rendering, and then escaping:
<description>
{% for item in items %}
{{ item.content|render|escape }}
{% endfor %}
</description>