Bug 1953: removing potential SQL injections from C4::Calendar::_init

Bug 1953: removing potential SQL injections from C4::Calendar::_init

This patch changes the 4 select statements in C4::Calendar::_init.
tests for this method were included in a previous patch.

There are more potential problems in C4::Calendar::delete_holiday, but that
method seems to have deeper bugs than just these. I'll open another bug for
them if I can figure out how it's supposed to work.

No documentation changes necessary.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>