  • guri: Fix buffer overrun when decoding %-encoded URI components · f9d165ad
    Philip Withnall authored
    There is a limited (1 or 2 byte) read off the end of the buffer if its
    final or penultimate byte is `%` and it’s not nul-terminated after that.
    If the buffer *is* nul-terminated then the first `g_ascii_isxdigit()`
    call safely returns `FALSE` and the code moves on.
    
    Fix it by adding an additional check, and some unit tests to catch the
    behaviour.
    
    This bug is present in libsoup, which `GUri` is based on, but not
    exploitable due to how the external API only exposes nul-terminated
    strings. See libsoup!126 for the fix there.
    
    oss-fuzz#23815
    oss-fuzz#23818
    
    Signed-off-by: Philip Withnall <withnall@endlessm.com>
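The kind of bounds check the commit message describes, as an added example that is not GLib's or libsoup's code: `hex_value` and `pct_decode` are hypothetical names, and the input is a constructed, length-delimited buffer with no nul terminator.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: value of one ASCII hex digit, or -1 if not hex. */
static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical decoder (not GLib code): decodes %XX escapes from
 * in[0..in_len) into out (capacity >= in_len). `in` is not assumed to be
 * nul-terminated. Returns the decoded length, or -1 on a bad escape. */
long pct_decode(const char *in, size_t in_len, char *out)
{
    size_t i = 0, o = 0;

    while (i < in_len) {
        if (in[i] != '%') {
            out[o++] = in[i++];
            continue;
        }
        /* Both hex digits must lie inside the buffer before either is
         * read. Without this check, a '%' in the final or penultimate
         * position leads to a 1 or 2 byte read past in + in_len. */
        if (in_len - i < 3)
            return -1;
        int hi = hex_value((unsigned char)in[i + 1]);
        int lo = hex_value((unsigned char)in[i + 2]);
        if (hi < 0 || lo < 0)
            return -1;
        out[o++] = (char)((hi << 4) | lo);
        i += 3;
    }
    return (long)o;
}

int main(void)
{
    /* Constructed input: 3 bytes, '%' in the penultimate position, no nul. */
    const char in[3] = { 'a', '%', '4' };
    char out[3];
    printf("%ld\n", pct_decode(in, sizeof in, out)); /* prints -1 */
    return 0;
}
```

Building a harness like this with AddressSanitizer and feeding it exact-size heap buffers is a way to have unit tests catch a regression in the length check.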