libarchive: merge security fix from vendor branch
This commit fixes a couple of security vulnerabilities in the PAX writer:
- Heap overflow in url_encode() in archive_write_set_format_pax.c
- NULL dereference in archive_write_pax_header_xattrs()
- Another NULL dereference in archive_write_pax_header_xattrs()
- NULL dereference in archive_write_pax_header_xattr()
Security: No known reference yet
Obtained from: https://github.com/libarchive/libarchive/commit/1b4e0d0f9
MFC after: 3 days