Fix CodeQL alert

[marlenecota]

CodeQL found an issue in base.h via static analysis where the lower bound of the index id is not being checked before accessing array values_.

microsoft/react-native-windows#12702

[vitaut]

Merged, thanks!

[marlenecota]

Thanks, @vitaut! Would you happen to know when 10.2.2 might get published?

[vitaut]

There are no plans to publish a patch release at the moment. Note that negative IDs cannot appear when using the usual formatting API such as fmt::format or fmt::print. Therefore I don't think this fix warrants a special release.