Avoid heap buffer overflow in valkeyAsyncFormattedCommand

[bjosv]

valkeyAsyncFormattedCommand now returns VALKEY_ERR instead of crashing when the command length, or content, is faulty.

Adds validation of the parsed length to make sure we don't read past the buffer end.
The internal nextArgument function now takes a new function argument, the buffer length, to be able to do the validation.

Fixes #242

[michael-grunder]

This is great.

The only big questions I have are around bulk length (e.g. $0\r\n\r\n or $-1\r\n). I don't think clients are ever supposed to send null bulk arguments so that's probably fine to ignore.

If we are only ever going to accept len >= 0 we could be slightly more paranoid and use a bespoke parser that does it in place while taking an end pointer.

I played around with something like that here:
https://github.com/michael-grunder/libvalkey/blob/2e13a4ef0d64ab32de0aee4522b8f7fed5c68733/src/async.c#L866

That might be overkill though 😄

[bjosv]

I incorporated your length parser now so the PR got a bit bigger, but I think its more straight on.
I'll see if I can run some benchmark comparisons.

[bjosv]

It seems that parseBulkLen was a nice improvement.
Just running nextArgument in a loop with a simple GET key command is faster now with this PR,
and just replacing strtol gave most of the improvement.

Before PR: 1000000x : 18.831ms
After PR:  1000000x : 14.889ms