Add note about Windows profile verification using CDATA to use escaped XML (#37282)

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #33350 

This is solely a docs change, since I've verified it works by escaping
instead of using CDATA.

Could also solve/close: https://github.com/fleetdm/fleet/issues/33731

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>

articles/creating-windows-csps.md

@@ -232,6 +232,8 @@ Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-DeviceManagement-Ente
 
 [This](https://blog.mindcore.dk/2022/09/intune-error-codes-and-solutions/) blog post can also help you translate error codes that are present here.
 
+> If you encounter the error: "The MDM protocol returned a success but the result couldn’t be verified by osquery", and the profile includes `[!CDATA []]` sections, [escape the XML](https://www.freeformatter.com/xml-escape.html) instead of using CDATA. For example, `[!CDATA[<enabled/>]]>` should be changed to `&lt;enabled/&gt;`.
+
 
 ## Conclusion
 

articles/custom-os-settings.md

@@ -100,6 +100,8 @@ To verify that the OS setting is applied, run the following osquery query:
 SELECT data FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\Software\Policies\employee\Attributes\Subteam';
 ```
 
+> If your Windows profile fails with the following error: "The MDM protocol returned a success but the result couldn’t be verified by osquery", and the profile includes `[!CDATA []]` sections, [escape the XML](https://www.freeformatter.com/xml-escape.html) instead of using CDATA. For example, `[!CDATA[<enabled/>]]>` should be changed to `&lt;enabled/&gt;`.
+
 ### Broken profiles
 
 If one or more labels included in the profile's scope are deleted, the profile will not apply to new hosts that enroll.