xkb: proof GetCountedString against request length attacks

GetCountedString did a check for the whole string to be within the
request buffer but not for the initial 2 bytes that contain the length
field. A swapped client could send a malformed request to trigger a
swaps() on those bytes, writing into random memory.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
5 jobs for wip/xkb-more-request-length-checks in 2 minutes and 4 seconds (queued for 7 seconds)