Validate player/item names coming from save file

[StephenCWills]

When reviewing #7775, I noticed the code is just blindly assuming that LoadHelper::NextBytes() will produce a null-terminated string in Item::_iName, Item::_iIName and Player::_pName, but the function provides no such guarantee.

I was able to observe a buffer overrun with single_0.sv.zip, using some debug code to visualize it. The player name is completely full of the s character. The debug code writes i characters into the item seed for the player's head slot so they can be seen in the output.

diff --git a/Source/diablo.cpp b/Source/diablo.cpp
index 6664a2199..fbb866c0b 100644
--- a/Source/diablo.cpp
+++ b/Source/diablo.cpp
@@ -1991,6 +1991,11 @@ void InitKeymapActions()
 	    'X',
 	    [] {
 		    DebugToggle = !DebugToggle;
+		    MyPlayer->InvBody[0]._iSeed = DebugToggle ? 0x00696969 : 0;
+		    EventPlrMsg(fmt::format(
+		                    fmt::runtime("{:s}"),
+		                    MyPlayer->_pName),
+		        UiFlags::ColorWhite);
 	    });
 #endif
 	options.Keymapper.CommitActions();

Here's what that looks like when I press x four times.

And to demonstrate how non-debug code makes the assumption about null termination, here is an example of that.

[kphoenix137]

Back when I was messing around with a custom character renaming command in DevilutionX, I noticed I could corrupt other data if I made the name too long. Unfortunately it didn't occur to me to actually do something about it. :')