[Fix] upstream: make addr accessors and all_upstreams pending-safe

[Fix] upstream: make addr accessors and all_upstreams pending-safe

The PENDING_RESOLVE upstream state introduced earlier kept pending
entries out of the alive list, but `:all_upstreams()` walks the full
`ups` array and exposes them to Lua callers - which then crashed in
`s:get_addr()` because `rspamd_upstream_addr_next/cur/port` indexed
a NULL `addrs.addr`.

Defensive fix at the C accessor layer:

* rspamd_upstream_addr_next / _cur now return NULL when the upstream
  has no addresses (NULL or empty array). This is the safe layer that
  every other consumer eventually goes through.
* rspamd_upstream_port returns the parsed `deferred_port` for pending
  upstreams (so callers that just want a port get a sensible answer)
  and -1 if even that is unknown.
* lua_upstream:get_addr() pushes nil when the C side has no address.

Audit of `:all_upstreams()` callers, all updated to skip pending:

* lua_redis prepare_redis_call (SCRIPT LOAD broadcast): if
  `s:get_addr()` is nil, mark the slot as "tempfail" so the next
  retry will pick it up once DNS comes back, log, and skip it.
* rspamadm statistics_dump connect_to_upstream: log and return early
  before opening a redis connection with a nil host.
* clickhouse plugin check_clickhouse_upstream: skip with an info log
  so the periodic check tries again next tick.

The DKIM Vault helper already passes `upstream = ... or nil` to
http.request and lets the HTTP layer fall back to URL-based connect,
which remains the right behaviour.