Fix integer overflow in utf{16,32}_to_utf8_length

Without an explicit check, the return value can wrap around and return
a value that is far too small to hold the data from the resulting
conversion.

No SafetyNet logging is included because when included aapt fails to
link in lmp-mr1-dev.

No CTS test is provided because it would need to allocate at least
SSIZE_MAX / 2 bytes of UTF-16 data, which is unreasonable on 64-bit
devices.

Bug: 37723026
Test: run cts -p android.security
Change-Id: Ice276dc3a5b62ad389b2e9b8caf670c76b7e5218
Merged-In: Ie2606b92b9eab1acfe8ce4663b43b81156a4cad7