- Do not pass database objects to the context under any circumstances
  (this was big security hole, even for an admin-only feature, as it
  allowed manipulating pretty much any data in the DB)
- Use the same schema for real data and preview data to avoid going out
  of sync (and generate the dummy data from a real event with all
  regform field types so people can see the data without digging through
  the code)
- Add Python syntax highlighting for placeholders (since they are used
  in a Python context and not as JSON)
- Indicate datetime objects instead of just showing them as an
  isoformat date string
- Correctly display HTML from undefined objects and also apply Undefined
  logic to simply trying to display a top-level undefined value

For large events rendering hundreds of receipts just for a preview would
be way too slow