graphics/wayland: merge upstream fix for CVE-2013-2003

This is upstream MR 133,
https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133
which in turn is a Wayland-ified version of the fix to libXcursor.

PR: 256273
Reported by: Evgeniy Khramtsov
Approved by: zeising (x11)

(cherry picked from commit 6431a5d2419ada906a7927c7b85e5f98bcd6eba2)