
Fix correctness bugs with overflow guards #48

Merged
jserv merged 1 commit into main from correctness
Apr 4, 2026

Conversation

@jserv jserv (Contributor) commented Apr 4, 2026

The following correctness bugs are fixed with unit test coverage:

  • sendfile: loop writes until all read bytes are drained to destination, guard zero-progress (wr==0) with EIO, track partial writes via goto
  • ELF PT_INTERP: reject (return -1) instead of truncating when segment overflows buf_len, NUL terminator is missing, path exceeds output buffer, or interpreter string is empty
  • I/O pointer arithmetic: add __builtin_add_overflow guards on all 10 sites across read, pread, write, pwrite, sendfile, readv/writev, and shadow-read paths to prevent guest-controlled address wrap
  • procmem: split process_vm_readv n<=0 into n<0 (-errno) and n==0 (-EFAULT) to eliminate stale errno; guard remote_addr+total overflow

Change-Id: Iac51bf55d02e02e6b0eb4b35ecf5c22b989d5234


Summary by cubic

Fixes multiple correctness bugs in I/O and ELF parsing with overflow guards and stricter errors to prevent address wrap, silent truncation, and stale errno. Expands tests for sendfile, PT_INTERP, and procmem to lock in behavior.

  • Bug Fixes
    • Added __builtin_add_overflow guards across read/pread/write/pwrite/readv/writev/sendfile and shadow-read paths; return EFAULT/EOVERFLOW on overflow.
    • sendfile now loops on short writes for both LKL and host FDs; wr<=0 is EIO on zero progress; tracks partial writes; guards read/offset arithmetic; offset writeback is best-effort.
    • Read/write forwarding rejects remote address overflow before guest_mem_read/write; propagate first error if no bytes were transferred.
    • ELF PT_INTERP: reject when segment exceeds buffer, missing NUL, empty string, or path doesn’t fit output; stop truncating and return -1.
    • procmem: split process_vm_readv results into n<0 → -errno and n==0 → -EFAULT; guard remote_addr + total overflow.

Written for commit 0000256. Summary will update on new commits.
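The four fixes described above share one pattern: validate untrusted offsets and lengths with __builtin_add_overflow before any pointer arithmetic, and refuse (rather than truncate or spin) when a bound is violated. The C program below is an added illustration written for this page, not the project's own code; the names guest_addr_t, guest_range_ok, elf_read_interp, drain_write, struct sink and the constructed sample ELF image are hypothetical stand-ins, since the page does not show the project's signatures. It shows the guest-range guard, the PT_INTERP rejection rules listed in the PR description, and a short-write drain loop with the zero-progress EIO check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical guest address type (assumption: the project's typedef is not shown). */
typedef uint64_t guest_addr_t;

/* Guard a guest-controlled [addr, addr + len) range before pointer arithmetic.
 * __builtin_add_overflow (GCC/Clang) reports the wrap directly instead of relying
 * on a post-hoc "end < addr" comparison. Returns 0 if usable, -EFAULT on wrap. */
static int guest_range_ok(guest_addr_t addr, size_t len)
{
    guest_addr_t end;
    if (__builtin_add_overflow(addr, len, &end))
        return -EFAULT;
    return 0;
}

/* Copy the PT_INTERP string out of an ELF image buf[0..buf_len). seg_off/seg_size
 * come from an untrusted program header. Returns 0 and fills out on success;
 * returns -1 (never a truncated path) when the segment overflows buf_len, lacks
 * a NUL terminator, is empty, or does not fit in out. */
static int elf_read_interp(const uint8_t *buf, size_t buf_len,
                           uint64_t seg_off, uint64_t seg_size,
                           char *out, size_t out_len)
{
    uint64_t seg_end;

    if (seg_size == 0)
        return -1;                                  /* nothing to read */
    if (__builtin_add_overflow(seg_off, seg_size, &seg_end) || seg_end > buf_len)
        return -1;                                  /* segment wraps or overflows buf_len */

    const uint8_t *p = buf + seg_off;
    if (p[seg_size - 1] != '\0')
        return -1;                                  /* NUL terminator missing */

    size_t len = strlen((const char *)p);           /* safe: a NUL lies inside the segment */
    if (len == 0)
        return -1;                                  /* empty interpreter string */
    if (len + 1 > out_len)
        return -1;                                  /* path exceeds output buffer */

    memcpy(out, p, len + 1);
    return 0;
}

/* Destination writer standing in for write(2) on an LKL or host fd. */
typedef ssize_t (*write_fn)(void *ctx, const void *p, size_t n);

/* Drain all len bytes, retrying on short writes. Returns bytes written. A zero-length
 * write before any progress is reported as -EIO (no infinite loop); a writer error is
 * propagated only if nothing was transferred, otherwise the partial count is returned. */
static ssize_t drain_write(write_fn wr, void *ctx, const uint8_t *p, size_t len)
{
    size_t done = 0;

    while (done < len) {
        ssize_t w = wr(ctx, p + done, len - done);
        if (w < 0)
            return done ? (ssize_t)done : w;
        if (w == 0)
            return done ? (ssize_t)done : -EIO;     /* zero progress */
        done += (size_t)w;
    }
    return (ssize_t)done;
}

/* Test sink: accepts at most max_chunk bytes per call; max_chunk == 0 models a stalled fd. */
struct sink { uint8_t buf[64]; size_t used; size_t max_chunk; };

static ssize_t sink_write(void *ctx, const void *p, size_t n)
{
    struct sink *s = ctx;
    if (n > s->max_chunk)
        n = s->max_chunk;
    if (s->used + n > sizeof s->buf)
        n = sizeof s->buf - s->used;
    memcpy(s->buf + s->used, p, n);
    s->used += n;
    return (ssize_t)n;
}

/* Constructed sample image: 4-byte stand-in header, interpreter path, NUL, padding. */
#define INTERP "/lib64/ld-linux-x86-64.so.2"
static const uint8_t elf_img[] = "\x7f" "ELF" INTERP "\0" "pad";
#define INTERP_OFF 4
#define INTERP_SIZE sizeof(INTERP)                  /* includes the NUL */

/* Run elf_read_interp on the sample image; 0 only if the path was copied exactly. */
static int interp_case(uint64_t off, uint64_t size, size_t out_len)
{
    char out[64] = "";
    int rc = elf_read_interp(elf_img, sizeof elf_img, off, size, out, out_len);
    return rc == 0 && strcmp(out, INTERP) == 0 ? 0 : -1;
}

/* Drain a fixed message into a sink with the given chunk limit; -2 if bytes were lost. */
static ssize_t drain_case(size_t max_chunk)
{
    struct sink s = { .max_chunk = max_chunk };
    static const char msg[] = "hello world";
    ssize_t rc = drain_write(sink_write, &s, (const uint8_t *)msg, sizeof msg - 1);
    if (rc > 0 && (s.used != (size_t)rc || memcmp(s.buf, msg, s.used) != 0))
        return -2;
    return rc;
}

int main(void)
{
    printf("range ok=%d wrap=%d\n", guest_range_ok(0x1000, 16), guest_range_ok(UINT64_MAX - 4, 16));
    printf("interp good=%d overflow=%d\n", interp_case(INTERP_OFF, INTERP_SIZE, 64),
           interp_case(INTERP_OFF, 1000, 64));
    printf("drain short=%zd stalled=%zd\n", drain_case(3), drain_case(0));
    return 0;
}
```

Build with `gcc -Wall -O2` (or clang); the builtin is not available on MSVC. The missing-NUL check must run before strlen, since strlen on an unterminated segment would read past the buffer, which is the silent over-read the PR's -1 return is meant to prevent.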

@jserv jserv merged commit fa29f7a into main Apr 4, 2026
5 checks passed
@jserv jserv deleted the correctness branch April 4, 2026 04:13