fix: avoid dereferencing past-the-end vector iterators in serialize.hpp (#22261)

## Summary
Two `write()` overloads in `serialize.hpp` used `&*buf.end()` to obtain
a raw pointer into the newly-resized region. Under `_GLIBCXX_DEBUG`
(enabled in asan-fast and debug presets since #22218), dereferencing
`end()` is a debug assertion abort — even though the subtracted pointer
was in-bounds.

Replaced with `buf.data() + buf.size()` which yields the same pointer
without touching any iterator.

## Failure
`ChonkTests.Basic` in the asan-fast build aborted with:
```
Error: attempt to dereference a past-the-end iterator.
```

## Fix
- `serialize.hpp:166`: `&*buf.end() - sizeof(value)` → `buf.data() +
buf.size() - sizeof(value)`
- `serialize.hpp:251`: `&*buf.end() - N` → `buf.data() + buf.size() - N`

## Test plan
- [x] `ChonkTests.Basic` passes with debug-fast preset (`_GLIBCXX_DEBUG`
enabled)

ClaudeBox log: https://claudebox.work/s/4aef0cbe07a366e4?run=1

Author: AztecBot

barretenberg/cpp/src/barretenberg/common/serialize.hpp

@@ -163,7 +163,7 @@ void read(std::vector<uint8_t> const& buf, std::integral auto& value)
 void write(std::vector<uint8_t>& buf, const std::integral auto& value)
 {
     buf.resize(buf.size() + sizeof(value));
-    uint8_t* ptr = &*buf.end() - sizeof(value);
+    uint8_t* ptr = buf.data() + buf.size() - sizeof(value);
     write(ptr, value);
 }
 
@@ -248,7 +248,7 @@ inline void write(std::ostream& os, std::vector<uint8_t> const& value)
 template <size_t N> inline void write(std::vector<uint8_t>& buf, std::array<uint8_t, N> const& value)
 {
     buf.resize(buf.size() + N);
-    auto* ptr = &*buf.end() - N;
+    auto* ptr = buf.data() + buf.size() - N;
     write(ptr, value);
 }