The fix for CVE-2020-35357, which affects quantile_from_sorted_data, is not present in this repository. It also seems to be missing from v2.7.0, which is listed as the fix.
In addition, should the value of n not be checked as well?
[1] https://github.com/ampl/gsl/blob/master/statistics/quantiles_source.c
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35357
[3] https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859
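
A defensive form of an interpolating quantile lookup over sorted, strided data, validating both the fraction and n before any index is computed. This is an added example, not code from GSL or this repository; the name `quantile_checked`, the fraction parameter `f` and the NaN return for rejected input are assumptions.

```c
#include <math.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not GSL's API): quantile by linear interpolation over
 * ascending data read with a stride. Returns NAN instead of indexing when an
 * argument could push the computed index outside the array. */
double quantile_checked(const double *sorted, size_t stride, size_t n, double f)
{
    /* Empty or missing input, or a zero stride, has no valid element. */
    if (sorted == NULL || n == 0 || stride == 0)
        return NAN;
    /* Written as a negated range test so that NaN is rejected as well. */
    if (!(f >= 0.0 && f <= 1.0))
        return NAN;
    /* (n - 1) * stride must fit in size_t and describe a possible array. */
    if (n - 1 > SIZE_MAX / sizeof(double) / stride)
        return NAN;

    double pos = f * (double)(n - 1);   /* now 0 <= pos <= n - 1 */
    size_t lhs = (size_t)pos;

    /* Last element: nothing to the right to interpolate with. */
    if (lhs >= n - 1)
        return sorted[(n - 1) * stride];

    double delta = pos - (double)lhs;
    return (1.0 - delta) * sorted[lhs * stride]
         + delta * sorted[(lhs + 1) * stride];
}

int main(void)
{
    /* Constructed sample data, already sorted ascending. */
    const double data[] = { 1.0, 2.0, 3.0, 4.0, 5.0 };
    const double fractions[] = { 0.0, 0.5, 1.0, -0.5, 1.5 };

    for (size_t i = 0; i < sizeof fractions / sizeof fractions[0]; i++)
        printf("f=%5.2f -> %g\n", fractions[i],
               quantile_checked(data, 1, 5, fractions[i]));
    return 0;
}
```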