Fix out-of-bounds read in FontFileMakeDir()
BuiltinReadDirectory() calls FontFileMakeDir ("", builtin_dir_count);
and
this causes the dirName[dirlen - 1]
access to read before the start of
the string. I found this while porting Xvnc to CHERI-RISC-V (which has
bounds and permissions on all pointers).