Security
   * Fix possible use-after-free or double-free in code calling
     mbedtls_x509_string_to_names(). This was caused by the function calling
     mbedtls_asn1_free_named_data_list() on its head argument, while the
     documentation did no suggest it did, making it likely for callers relying
     on the documented behaviour to still hold pointers to memory blocks after
     they were free()d, resulting in high risk of use-after-free or double-free,
     with consequences ranging up to arbitrary code execution.
     In particular, the two sample programs x509/cert_write and x509/cert_req
     were affected (use-after-free if the san string contains more than one DN).
     Code that does not call mbedtls_string_to_names() directly is not affected.
     Found by Linh Le and Ngan Nguyen from Calif.
     CVE-2025-47917

Changes
   * The function mbedtls_x509_string_to_names() now requires its head argument
     to point to NULL on entry. This makes it likely that existing risky uses of
     this function (see the entry in the Security section) will be detected and
     fixed.