Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies

A remote attacker sends a crafted DNS response containing a DS or DNSKEY record with an unsupported algorithm or digest type (e.g., key_tag=65535, algorithm=255, digest_type=255). If the target dnsmasq instance has both DNSSEC validation and query logging enabled, the `log_query()` function will attempt to append the "(not supported)" suffix to a fixed-size heap buffer, causing a bounded heap overflow of roughly 12 bytes [ref_id=1]. The bytes written are not attacker-controlled, so the primary impact is denial of service via process crash or heap corruption.

The heap buffer overflow resides in the `log_query()` function in `src/cache.c`. When DNSSEC validation and query logging are both enabled, logging DS or DNSKEY replies that contain unsupported algorithm or digest types causes `sprintf()` to write the "(not supported)" suffix past the end of `daemon->addrbuff`, a 46-byte heap buffer [ref_id=1].

The upstream fix in commit 36d081e37477027fd721fea498f3760f529034ad (dnsmasq 2.92rel2) addresses the overflow by ensuring that the "(not supported)" suffix does not exceed the bounds of `daemon->addrbuff`. The patch modifies the logging path so that the buffer size is respected, preventing `sprintf()` from writing past the allocated 46-byte heap region [ref_id=1].