Add bounds checks where Coverity otherwise reports a defect. Most of
these checks are unlikely to be triggered in practice (Unicode regexps
are unused, and the caller of gss_krb5int_make_seal_token_v3 won't
have a plaintext object larger than half of the address space). The
checks in dump.c could prevent memory access errors resulting from a
malformed dump file.