
Qtdemux fuzzing fixes

In our internal fuzzing process, we found a few interesting cases of causing segfaults/traps in qtdemux to do with parsing stsd entries.

Essentially, these stem from the fact that the length of the stsd entries is unvalidated and assumed to be "reasonable". I've added a couple of sanity checks, checking if the entries are actually present and that they aren't too large for the containing atom. See the individual commit descriptions for more information on the exact details of each fix.

Additionally, to prevent a regression in the future, I've added a couple of test cases that were produced during our fuzzing process and that cause qtdemux to segfault and to perform an unnecessarily large allocation, respectively.

Edited by GStreamer Release Monkey
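The two sanity checks described in the merge request, shown as an added example that is not code from qtdemux or from this merge request: a minimal `stsd` walker over constructed atoms that rejects an entry count with no entry bytes behind it (the segfault case) and an entry size larger than the containing atom (the oversized-allocation case). The function names, the byte layouts and the sample atoms are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Big-endian 32-bit read, as used throughout the ISO BMFF/QuickTime format. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walks the sample entries of one stsd atom (hypothetical helper).
 * Returns the number of entries that really fit in the atom, or -1 if the
 * atom is malformed. Layout: size(4) 'stsd'(4) version(1) flags(3)
 * entry_count(4), then entries of size(4) format(4) payload(size-8). */
int stsd_count_entries(const uint8_t *atom, size_t len) {
    if (len < 16 || rd32(atom) != len || memcmp(atom + 4, "stsd", 4) != 0)
        return -1;
    uint32_t declared = rd32(atom + 12);
    size_t off = 16;
    uint32_t found = 0;
    for (; found < declared; found++) {
        /* Check 1: the entry is actually present (room for its 8-byte header),
         * rather than trusting entry_count and reading past the buffer. */
        if (len - off < 8) return -1;
        uint32_t esize = rd32(atom + off);
        /* Check 2: the entry is not too large for the containing atom, so a
         * bogus size can neither drive a huge allocation nor skip past the end. */
        if (esize < 8 || esize > len - off) return -1;
        off += esize;
    }
    return (int)found;
}

/* Constructed sample atoms (not taken from the fuzzing corpus). */
static const uint8_t stsd_good[32] = {
    0,0,0,32, 's','t','s','d', 0, 0,0,0, 0,0,0,1,          /* one entry */
    0,0,0,16, 'a','v','c','1', 0,0,0,0, 0,0,0,0 };         /* 16-byte entry */
static const uint8_t stsd_huge_entry[32] = {
    0,0,0,32, 's','t','s','d', 0, 0,0,0, 0,0,0,1,
    0x7f,0xff,0xff,0xff, 'a','v','c','1', 0,0,0,0, 0,0,0,0 }; /* size > atom */
static const uint8_t stsd_no_entries[16] = {
    0,0,0,16, 's','t','s','d', 0, 0,0,0, 0xff,0xff,0xff,0xff }; /* count, no data */

int main(void) {
    printf("good: %d\n", stsd_count_entries(stsd_good, sizeof stsd_good));
    printf("huge entry: %d\n", stsd_count_entries(stsd_huge_entry, sizeof stsd_huge_entry));
    printf("no entries: %d\n", stsd_count_entries(stsd_no_entries, sizeof stsd_no_entries));
    return 0;
}
```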
