BUG/MINOR: net_helper: fix out-of-bounds read in tcp_fullhdr_find_opt

tcp_fullhdr_find_opt() reads smp->data.u.str.area[next + 1] without
checking that next + 1 < len. When the last byte of a TCP header's
options section (at index len - 1) contains an option type that is not
0 (EOL) and not 1 (NOP), the code reads one byte past the valid buffer,
which is an out-of-bounds read, which in practice is totally harmless
but should be fixed.

This can be backported where tcp_fullhdr_find_opt() was backported.
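
The bounds check this commit message describes, as an added example that is not HAProxy's code: a hypothetical `find_tcp_opt()` walks a TCP header's options and refuses to read the length byte when an option kind sits at index `len - 1`. The function name, return convention and sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_BASE_HDR 20  /* fixed part of the TCP header; options follow */

/* Hypothetical helper (not HAProxy's function): return the offset of option
 * `kind` (>= 2) inside a full TCP header of `len` bytes, or -1 if it is
 * absent or the options area is malformed. */
int find_tcp_opt(const uint8_t *hdr, size_t len, uint8_t kind)
{
    size_t next = TCP_BASE_HDR;

    while (next < len) {
        uint8_t cur = hdr[next];

        if (cur == 0)               /* EOL: end of option list */
            break;
        if (cur == 1) {             /* NOP: one byte, no length field */
            next++;
            continue;
        }
        /* Any other kind carries a length byte at next + 1. If the kind
         * sits at index len - 1, that byte is outside the header. */
        if (next + 1 >= len)
            return -1;
        uint8_t optlen = hdr[next + 1];
        if (optlen < 2 || optlen > len - next)  /* covers kind+len, fits */
            return -1;
        if (cur == kind)
            return (int)next;
        next += optlen;
    }
    return -1;
}

/* Constructed samples: zeroed 20-byte base header plus options. */
const uint8_t hdr_ok[28]    = { [20] = 2, 4, 0x05, 0xb4, 1, 3, 3, 7 };
const uint8_t hdr_trunc[24] = { [20] = 1, 1, 1, 8 };  /* kind 8 at len - 1 */

int main(void)
{
    printf("window scale at %d\n", find_tcp_opt(hdr_ok, sizeof hdr_ok, 3));
    printf("truncated: %d\n", find_tcp_opt(hdr_trunc, sizeof hdr_trunc, 8));
    return 0;
}
```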