mirror of https://github.com/libssh2/libssh2.git synced 2025-08-05 20:55:47 +03:00

userauth: avoid oob with huge interactive kbd response

- If the length of a response is `UINT_MAX - 3` or larger, an unsigned
  integer overflow occurs on 64-bit systems. Avoid such truncation to
  always allocate enough memory to avoid subsequent out of boundary
  writes.

  Patch-by: Tobias Stoeckmann

- also add FIXME to bump up length field to `size_t` (ABI break)

Closes #1337
Viktor Szakats
2024-03-28 16:59:58 +00:00
parent bde10825f1
commit a6a9093b39
2 changed files with 2 additions and 2 deletions

@@ -292,7 +292,7 @@ typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT
typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE
{
char *text;
unsigned int length;
unsigned int length; /* FIXME: change type to size_t */
} LIBSSH2_USERAUTH_KBDINT_RESPONSE;
typedef struct _LIBSSH2_SK_SIG_INFO {
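Review bot: the FIXME added on `unsigned int length;` in `LIBSSH2_USERAUTH_KBDINT_RESPONSE` does not say why the type is wrong or what blocks the change, so a later reader of the header has to find this commit to learn either. The field stays `unsigned int` here, which means a response callback can still store a value at or near `UINT_MAX`, and any reader that adds to it in `unsigned int` arithmetic will wrap. I would expand the comment to state that the change to `size_t` is an ABI break and that code consuming `length` must widen it to `size_t` before doing arithmetic on it.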