
Reject out-of-bounds ALPN length in ssl_context_load #10792

Open
nvxbug wants to merge 1 commit into Mbed-TLS:development from nvxbug:ssl-context-load-alpn-bounds

nvxbug commented Jun 25, 2026

Description

ssl_context_load() reads the serialized ALPN protocol length as a single byte and then runs memcmp(p, *cur, alpn_len) against each configured protocol, but it never checks that alpn_len bytes still remain before end. A corrupted or truncated serialized context whose ALPN length is larger than the bytes that actually follow makes that memcmp read past the end of the buffer.

The added check bounds alpn_len against the remaining data right after the length is read, the same way the DTLS CID lengths a few lines above are bounded. Keeping the check next to the read leaves both the comparison loop and the p += alpn_len advance inside the buffer. The regression test under test_suite_ssl serializes a context with a negotiated protocol, enlarges the stored length, and checks the load is rejected; it trips ASan at the memcmp before the fix.

PR checklist

  • changelog provided
  • framework PR not required
  • TF-PSA-Crypto development PR not required
  • TF-PSA-Crypto 1.1 PR not required
  • mbedtls development PR this PR
  • mbedtls 4.1 PR not part of this PR, happy to backport if wanted
  • mbedtls 3.6 PR not part of this PR, happy to backport if wanted
  • tests provided

The serialized ALPN length was passed to memcmp() against each configured protocol without checking it against the remaining serialized data, so a malformed context could read past the end of the buffer. Bound it before the comparison, like the adjacent CID fields.

Signed-off-by: Naveed <naveed@bugqore.com>
yiwu0b11 added the bug, component-tls, needs-ci, needs-review, needs-reviewer, priority-low and size-xs labels Jun 25, 2026
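
The bounds check described in this PR, as a stand-alone C sketch added here (it is not the Mbed TLS source or the PR's diff). `load_alpn_field`, `load_sample`, `ERR_BAD_INPUT` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

#define ERR_BAD_INPUT (-1) /* hypothetical error code */
/* Parse a 1-byte length followed by that many protocol-name bytes.
 * On success, advance *p past the field and point *chosen at the matching
 * entry of the NULL-terminated configured list (NULL if the field is empty). */
static int load_alpn_field(const unsigned char **p, const unsigned char *end,
                           const char *const *list, const char **chosen)
{
    size_t alpn_len;
    const char *const *cur;
    *chosen = NULL;
    if ((size_t) (end - *p) < 1) {
        return ERR_BAD_INPUT;
    }
    alpn_len = *(*p)++;
    /* Bound the stored length by the bytes remaining before any use of it.
     * Without this, the memcmp() below reads past end on a truncated input. */
    if (alpn_len > (size_t) (end - *p)) {
        return ERR_BAD_INPUT;
    }
    for (cur = list; alpn_len != 0 && cur != NULL && *cur != NULL; cur++) {
        if (strlen(*cur) == alpn_len && memcmp(*p, *cur, alpn_len) == 0) {
            *chosen = *cur;
            break;
        }
    }
    if (alpn_len != 0 && *chosen == NULL) {
        return ERR_BAD_INPUT; /* stored name is not in the configured list */
    }
    *p += alpn_len;
    return 0;
}

/* Constructed sample inputs. */
static const char *const sample_list[] = { "h2", "http/1.1", NULL };
static const unsigned char sample_ok[] = { 2, 'h', '2' };
static const unsigned char sample_bad[] = { 8, 'h' }; /* claims 8, has 1 */

/* Returns bytes consumed on success, ERR_BAD_INPUT on rejection. */
static int load_sample(const unsigned char *buf, size_t len)
{
    const unsigned char *p = buf;
    const char *chosen;
    int ret = load_alpn_field(&p, buf + len, sample_list, &chosen);
    return ret == 0 ? (int) (p - buf) : ret;
}

int main(void) { return load_sample(sample_ok, sizeof(sample_ok)) == 3 ? 0 : 1; }
```

`sample_bad` stores a length of 8, which equals `strlen("http/1.1")`, so without the bound the comparison against that list entry would read 8 bytes where only 1 remains.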