X509 API: fix issues

[SparkiDev]

Description

1. BasicConstraints pathLenConstraint absent vs. 0 — get_ext_d2i/set_ext/V3_EXT_d2i now distinguish "no constraint" from 0 per RFC 5280 §4.2.1.9, using the existing basicConstPlSet flag.
2. GENERAL_NAME_print GEN_DIRNAME — added missing return-value normalization so the directory name is actually printed (was emitting only DirName:).
3. GENERAL_NAME_print GEN_DNS — use ASN1_STRING_print like the EMAIL/URI cases, avoiding NULL-strData deref and NUL-truncation.
4. X509_print BasicConstraints — print , pathlen:N to match OpenSSL.
5. X509_print Extended Key Usage — print Any Extended Key Usage (was omitted).
6. get_ext_d2i CRL_DIST_OID double-free — null gn immediately after ownership transfers to dp, so an error from the next push doesn't free it twice.
7. X509V3_EXT_print SAN truncation/failure — match XSNPRINTF size cap to the allocation; was truncating at indent==1 and failing at indent>=2.
8. X509V3_EXT_print AUTH_KEY/SUBJ_KEY NULL deref — NULL-check i2s_ASN1_STRING return before passing to %s.
9. X509_add_ext SAN type confusion — reject DIRNAME/RID/X400/EDIPARTY; only the ASN1_STRING*-backed types are read via gn->d.ia5. Was performing a wild-pointer XMEMCPY in add_altname_ex.

Also: extracted the SAN and WOLFSSL_CUSTOM_OID arms of X509_add_ext into static helpers (behavior-preserving).

Regression tests added for #1–5 and #9; existing GENERAL_NAME_print test hardened (gives GEN_DIRNAME a real directoryName, eliminating an OOB read that the print fix would otherwise expose).

Testing

./configure --disable-shared --enable-opensslall

[SparkiDev]

Jenkins: retest this please