BUG/MINOR: payload: validate minimum keyshare_len in smp_fetch_ssl_keyshare_groups

BUG/MINOR: payload: validate minimum keyshare_len in smp_fetch_ssl_keyshare_groups

The keyshare extension parsing loop reads dataPointer[readPosition+2]
and dataPointer[readPosition+3] inside the loop body, requiring at least
4 bytes to be safe. However, keyshare_len was only validated as >= 2.

With keyshare_len == 2 or 3, the first loop iteration would read past
the end of the extension data, causing an out-of-bounds read which is
harmless in practice. We also need to make sure that the read position
stops 4 bytes before the end in order to read the 4 next bytes.

This can be backported to stable versions.