fix(string): restrict encryption to C strings only

Replace isString() with isCString() in both the global-variable and
struct-field encoding paths. isString() matches any [N x i8] array,
including binary data arrays (bitmasks, protocol constants, numeric
byte tables) that happen to have no embedded null bytes. isCString()
restricts encryption to proper null-terminated C strings only.

This prevents the pass from encrypting arrays like QUIC crypto labels,
DTLS bitmask tables, and test data arrays such as {1,1,...,1}, which
caused memory corruption and test failures in the OpenSSL QUIC ACK
manager test (75-test_quic_ackm.t).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: PatriceBlin

string/StringObfuscation.cpp

@@ -109,7 +109,7 @@ bool StringObfuscatorPass::encodeAllStrings(Module &M) {
     // Encode the value and update the variable
     if (isa<ConstantDataArray>(initializer)) { // Global variable
       auto array = cast<ConstantDataArray>(initializer);
-      if (array->isString()) {
+      if (array->isCString()) {
         encodeGlobalString(ctx, &gv, array);
       }
     } else if (isa<ConstantStruct>(initializer)) { // Variable in a struct
@@ -118,7 +118,7 @@ bool StringObfuscatorPass::encodeAllStrings(Module &M) {
         auto operand = cs->getOperand(i);
         if (isa<ConstantDataArray>(operand)) {
           auto array = cast<ConstantDataArray>(operand);
-          if (array->isString()) {
+          if (array->isCString()) {
             encodeStructString(ctx, &gv, cs, array, i);
           }
         }