Fix out-of-bounds read in RFC822 group/route-addr address parsing #64

Closed: iliaal wants to merge 1 commit into master from fix/rfc822-group-routeaddr-oob

iliaal (Contributor) commented Jun 19, 2026

What

mailparse_rfc822_parse_addresses() reads (and can write) one element past the end of the parsed address array on crafted input such as <>:< or :;:<.

The parser runs two passes: one with a NULL output to count addresses and size the array, then one to fill it. A group whose inner mailbox is an unterminated route-addr (< with no closing >) advances the token cursor past the group's ;, so the two passes disagree on how many slots iaddr reaches. The fill pass then indexes addrs->addrs[iaddr] at iaddr == naddrs, one past the ecalloc'd array.

This is the sibling of the addr-spec case fixed by the recent a_count > 0 guard; the group/route-addr path indexing the address array itself was never bounds-checked.

Fix

Bound every fill-pass write to addrs->addrs[iaddr] by iaddr < addrs->naddrs (the count established by the first pass). On valid input the passes agree and the guard never fires; on the desyncing malformed input it drops the stray write instead of running off the array, and frees the orphaned address_value so nothing leaks.

Both php_mailparse_rfc822.re and the generated php_mailparse_rfc822.c carry the change, matching how this file is maintained.
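
The guard described above, as an added example that is not part of the pull request or the mailparse source: a toy two-pass count/fill parser whose passes are made to disagree on malformed input. The struct, the function names and both counting rules are hypothetical; only the `iaddr < naddrs` check and the free of the orphaned value follow the description.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct addr_list { int naddrs; char **addrs; };  /* toy address array */
/* Pass 1 sizes the array. Toy rule: one address per ','-separated field. */
static int count_pass(const char *s) {
    int n = 1;
    for (; *s; s++) n += (*s == ',');
    return n;
}

/* Guarded store: a slot past the counted array is freed, never written. */
static int store_addr(struct addr_list *l, int iaddr, char *value) {
    if (iaddr < l->naddrs) { l->addrs[iaddr] = value; return 1; }
    free(value);
    return 0;
}

/* Pass 2 fills, one slot per '<' (toy rule). Returns dropped writes, -1 on OOM. */
static int fill_pass(const char *s, struct addr_list *l) {
    int iaddr = 0, dropped = 0;
    for (; *s; s++) {
        if (*s != '<') continue;
        size_t len = strcspn(s + 1, "<>,");
        char *value = calloc(len + 1, 1);   /* zero-filled, so NUL-terminated */
        if (!value) return -1;
        memcpy(value, s + 1, len);
        if (!store_addr(l, iaddr++, value)) dropped++;
    }
    return dropped;
}

int parse_addresses(const char *s, struct addr_list *l) {
    l->naddrs = count_pass(s);
    l->addrs = calloc((size_t)l->naddrs, sizeof *l->addrs);
    return l->addrs ? fill_pass(s, l) : -1;
}

void free_addresses(struct addr_list *l) {
    for (int i = 0; l->addrs && i < l->naddrs; i++) free(l->addrs[i]);
    free(l->addrs);
}

int main(void) {
    struct addr_list l;
    printf("dropped=%d\n", parse_addresses("<a><b", &l));  /* constructed input */
    free_addresses(&l);
    return 0;
}
```

Building with `-fsanitize=address` and removing the check in `store_addr` makes the one-past-the-end write on the constructed input visible as a heap-buffer-overflow report.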

iliaal (Contributor, Author) commented Jun 19, 2026

Superseded by #69, reopened from the fork (iliaal/pecl-mail-mailparse). Branch should not have been pushed to php/ directly.

iliaal closed this Jun 19, 2026
iliaal deleted the fix/rfc822-group-routeaddr-oob branch June 19, 2026 13:18