Various PKCS7 fixups

[WillChilds-Klein]

Notes

Some miscellaneous fixups to our PKCS7 implementation:

• prevent potential BIO leak on write failure
• fix return value of PKCS7_set_detached
• prevent SIGABRT crash on allocation failure
• wipe aliased cipher_bio pointer
• forbid negative lengths when parsing
• zeroize stack-allocated MMA key in failure cases (basically a non-issue because it's error path and nothing usable is returned)

Testing

• CI

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 50.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.51%. Comparing base (0628190) to head (a2b0630).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
crypto/pkcs7/pkcs7.c	42.85%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3035      +/-   ##
==========================================
+ Coverage   78.35%   78.51%   +0.16%     
==========================================
  Files         689      689              
  Lines      121010   121017       +7     
  Branches    16992    16997       +5     
==========================================
+ Hits        94813    95019     +206     
+ Misses      25302    25098     -204     
- Partials      895      900       +5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.