fix: url encoding for validateExpressRequest

[thinkingserious]

Fixes

Reverts #621

621 breaks validateExpressRequest.

Replacing of these URL-encoded characters is not correct since ":", and "@" are reserved characters that should be URL-encoded and are probably being URL-encoded by most customers (correctly using encodeURIComponent instead of something incorrect like encodeURI)

https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options

Checklist

• I acknowledge that all my contributions will be made under the project's license

[adamj9431]

I believe signature validation will be broken by reverting this. #621 was a fix for validateExpressRequest. Per RFC 3986 @ and : are not reserved characters in the query portion of the URI (part after ?) and therefore should not be escaped.

In our testing, the Twilio backend was in some cases calculating signatures on the un-escaped URL, but the actual path component of the URL in the request sent over the wire by Twilio was (incorrectly) escaped after signature calculation. Therefore the signatures do not match when compared by validateExpressRequest.

#621 is a bit of a kludge, but it does fix this issue. I believe the correct fix (as documented in #621) is to fix Twilio's backend infrastructure to remove the unnecessary escaping, or alternately calculate the signature on the unnecessarily-escaped version of the URL so the signatures will match.