integer arithmetic types: correct perhaps-possible negative timeout situation

site_settimeout assumes that its timeout parameter is not before now.
Following the logic of the code this would appear to be currently
true, although I'm not absolutely certain.

Nevertheless it would be better to avoid this assumption.  Instead,
use a signed variable for the time until the timeout, and explicitly
turn negative values into zero.

The use of an int64_t will not cause an arithmetic overflow provided
that no timeouts are more than 2^64 milliseconds (around 580x10^6 yr)
in the past or the future.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>