www.infradead.org Git - users/dwmw2/openconnect.git/commit
fix potential read overflow in compat.c replacement for strndup()
The openconnect__strndup() function is used as a replacement for
strndup() on platforms that lack it.
It is unsafe in its current form, because it calls strlen() on
a buffer that may not be zero-terminated.
Here's a short C program that demonstrates the issue:

    #include <stdio.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
        char *foo = (void *)printf; /* should be legal to read at least 4 bytes */

        /* strndup() reads at most 3 bytes of foo */
        printf("We didn't crash in strndup (EXPECTED): %s.\n", strndup(foo, 3));
        /* strlen() keeps reading until it finds a zero byte */
        printf("We didn't crash in strlen (NOT GUARANTEED): %zu\n", strlen(foo));
        return 0;
    }

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
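
The strlen()-based pattern the commit message describes, next to a bounded form, as an added example that is not code from this commit or from OpenConnect. The names `unsafe_strndup`, `bounded_strndup`, `check_copy` and `sample_unterminated` are hypothetical, and the sample buffer is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the unsafe pattern: strlen() scans until it
 * finds a NUL, so it may read past s[n-1] when only n bytes are readable. */
char *unsafe_strndup(const char *s, size_t n)
{
    size_t len = strlen(s);              /* unbounded read */
    char *out;

    if (len > n)
        len = n;
    out = malloc(len + 1);
    if (!out)
        return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Bounded form: never touches a byte at or beyond s[n]. */
char *bounded_strndup(const char *s, size_t n)
{
    size_t len = 0;
    char *out;

    while (len < n && s[len] != '\0')    /* stops at n or at the first NUL */
        len++;
    out = malloc(len + 1);
    if (!out)
        return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Constructed input: exactly 4 readable bytes, no terminator. */
static const char sample_unterminated[4] = { 'a', 'b', 'c', 'd' };

/* Returns 1 if bounded_strndup(s, n) produces the expected string. */
int check_copy(const char *s, size_t n, const char *expected)
{
    char *copy = bounded_strndup(s, n);
    int ok = copy != NULL && strcmp(copy, expected) == 0;

    free(copy);
    return ok;
}

int main(void) { return check_copy(sample_unterminated, 3, "abc") ? 0 : 1; }
```

Building with `-fsanitize=address` and passing `sample_unterminated` to `unsafe_strndup` makes the out-of-bounds read visible; the bounded form passes the same input cleanly.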