Ensure csv_escape_string() deals with a string

This prevents a PHP warning when using array dereferencing form to get
$p_string's first character.

When this happened, the strpos() call would return 0, leading to always
(and sometimes incorrectly) qualifying the string as risky, resulting in
a tab character to be prepended.

Note: using a type cast instead of string TypeDef in function signature
to avoid regression issues in case some callers pass NULL.

Fixes 0036987