Address Copilot review on PR #3560

1. Add missing bound check before reading value_len (Copilot #1 — real
   bug). After consuming the name field, blob_offset can advance to
   exactly blob_size; the subsequent 16-bit read of value_len from
   blob[blob_offset] / blob[blob_offset+1] would then OOB-read on a
   truncated blob. Fixed with the standard 2-byte check.

2. Drop tests/regression/persist_dbm/ (Copilot #2-#5). The directory
   was not wired into the Autotools build (no AC_CONFIG_FILES nor
   parent SUBDIRS entry), and the existing tests/regression/ is a
   Perl-based HTTP integration harness that doesn't fit a unit test
   of a static function. Wiring it into tests/Makefile.am where
   msc_test lives would require non-trivial restructuring; keeping
   the standalone harness outside the upstream tree (in the security
   advisory's PoC archive) is the cleaner path for now.

Refs: PR #3560 review comments by github-actions[bot] / Copilot.

Author: g4mm4-VCF

apache2/persist_dbm.c

@@ -66,6 +66,7 @@ static apr_table_t *collection_unpack(modsec_rec *msr, const unsigned char *blob
         blob_offset += var->name_len;
         var->name_len--;
 
+        if (blob_offset + 1 >= blob_size) return NULL;
         var->value_len = (blob[blob_offset] << 8) + blob[blob_offset + 1];
         blob_offset += 2;