richgel999 / jpeg-compressor

C++ JPEG compression/fuzzed low-RAM JPEG decompression codec with Public Domain or Apache 2.0 license
210 stars, 57 forks

Fixes from Google Android team for jpgd.cpp security vulnerabilities (incl. CVE-2017-0700) #10

Closed akien-mga closed 4 years ago

akien-mga commented 4 years ago

See https://github.com/godotengine/godot/issues/30952 and https://github.com/libgdx/libgdx/issues/5737 for context.

Google Android used to maintain a libgdx fork, and committed some security fixes in libgdx's bundled jpgd.cpp, which were seemingly not contributed back upstream either here or to libgdx. Godot also uses jpgd.cpp and so is affected likewise.

I reviewed the Google Android libgdx codebase and cherry-picked the two commits related to jpgd.cpp: https://android.googlesource.com/platform/external/libgdx/+log/refs/heads/nougat-mr2.3-release

The second commit was apparently the fix (or one of the fixes?) for CVE-2017-0700. PoC: https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2017-0700

Note that I cherry-picked these commits without modification, nor reviewing whether they do things the right way. I tested that the second commit properly fixes the above-linked PoC:

$ git checkout master
$ g++ test.cpp jpgd.cpp
$ ./a.out ~/tmp/CVE-2017-0700.jpg 
Segmentation fault (core dumped)

$ git checkout google-security-fixes
$ g++ test.cpp jpgd.cpp
$ ./a.out ~/tmp/CVE-2017-0700.jpg 
a.out: jpgd.cpp:1673: void jpgd::jpeg_decoder::load_next_row(): Assertion `m_comp_quant[component_id] < JPGD_MAX_QUANT_TABLES' failed.
Aborted (core dumped)

CC @richgel999 as I've noticed you don't "watch" your old repos imported from Google Code.