SECURITY: Defend adns_rr_info (somewhat) from bogus *datap

SECURITY: Defend adns_rr_info (somewhat) from bogus *datap

The general pattern for formatting integers is to sprintf into a
fixed-size buffer.  This is correct if the input is in the right
range; if it isn't, the buffer may be overrun (depending on the sizes
of the types on the current platform).

Of course the inputs ought to be right.  And there are pointers in
there too, so perhaps we could say that the caller ought to check
these things.  I think it's better to require the caller to make the
pointer structure right, but to have the code here be defensive about
(and tolerate with an erro but without crashing) out-of-range integer
values.

So: defend each of these integer conversion sites with a check for the
actual permitted range, and return adns_s_invaliddata if not.

The lack of this check causes the SOA sign extension bug to be a
serious security problem: the sign extended SOA value is out of range,
and will overrun the buffer when reconverted.

Found by AFL 2.35b.  CVE-2017-9106.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>