fix: dev: Harden dig's EDNS option parsing against malformed replies

dig's parser for EDNS options in a DNS reply now stops cleanly when an
option declares a length that runs past the end of the option data,
rather than trusting the upstream OPT-record validator to reject the
reply first. This is a defensive change; behavior is unchanged in
practice.

Merge branch 'ondrej/dig-process-opt-edns-optlen-oob' into 'main'

See merge request isc-projects/bind9!11937