How about we just introduce a Html::escape for escaping text to include in html chunks (not attributes, just html; attributes should always be required to pass through Html::expandAttributes)?
I'm not sure what the relevance of $wgContLang->normalize is. It's not applicable to html escaping. Xml.php just uses it to make sure that invalid UTF-8 is not outputted by normalizing the binary, likely so that XML processors won't choke.
Now for permitting a " " inside text this is done completely differently, and not done using htmlspecialchars. We have a method that does exactly this type of escaping called Sanitizer::escapeHtmlAllowEntities, however that method uses htmlspecialchars to do the escaping (and we can't be sure it would be safe to make it stop escaping quotes so we can't update it to use Html::escape later). However this method is really just a shortcut that makes calls to two methods. The proper way to permit " " inside text to be escaped is to use `Sanitizer::decodeCharReferences( $text );`. This will decode those character references converting them into real UTF-8 so they can be safely passed through. Then you just pass the text to the proper html escaping method -- which in the future would be Html::escape.
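The decode-then-escape order described above, as an added example that is not part of the original comment or of MediaWiki's code. It assumes plain PHP: `escapeHtmlText` is a hypothetical stand-in for the proposed Html::escape, `decodeRefs` stands in for `Sanitizer::decodeCharReferences` using `html_entity_decode`, and `&nbsp;` and the other inputs are constructed samples.

```php
<?php
// Hypothetical stand-in for the proposed Html::escape: escapes text for
// element content only, so quotes are deliberately left alone.
function escapeHtmlText( string $text ): string {
	return htmlspecialchars( $text, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Stand-in (assumption) for Sanitizer::decodeCharReferences: converts
// character references into the real UTF-8 characters they name.
function decodeRefs( string $text ): string {
	return html_entity_decode( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}

// Decode first, then escape. References such as &nbsp; survive as real
// characters, while any markup they were hiding is escaped afterwards.
function escapeAllowingEntities( string $text ): string {
	return escapeHtmlText( decodeRefs( $text ) );
}

// Constructed sample inputs.
$samples = [
	'10&nbsp;km',                      // reference that should be permitted
	'AT&amp;T &lt;b&gt;x&lt;/b&gt;',   // markup hidden behind named references
	'&#60;b&#62;x&#60;/b&#62;',        // the same markup as numeric references
	'say "hi"',                        // quotes: untouched in both cases
];

foreach ( $samples as $s ) {
	echo "input:         $s\n";
	// Escaping alone double-encodes the ampersand: &nbsp; becomes &amp;nbsp;
	echo "escape only:   " . escapeHtmlText( $s ) . "\n";
	// Decoding first yields a real U+00A0, and < > & are still escaped.
	echo "decode+escape: " . escapeAllowingEntities( $s ) . "\n\n";
}

// The last sample comes back with its double quotes intact, so this output
// is only safe as element content and must not be placed in an attribute.
```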