Fix #2417, add size check in CFE_MSG_Init

[heathdutton]

Checklist (Please check before submitting)

• I reviewed the Contributing Guide.
• I signed and emailed the appropriate Contributor License Agreement to GSFC-SoftwareRelease@mail.nasa.gov and copied cfs-program@lists.nasa.gov.

Describe the contribution
Fixes #2417

CFE_MSG_Init only NULL-checks MsgPtr, then calls CFE_MSG_InitDefaultHdr and CFE_MSG_SetMsgId before CFE_MSG_SetSize performs any size validation. If the caller passes Size smaller than the header, those earlier calls have already written out-of-bounds by the time SetSize returns CFE_MSG_BAD_ARGUMENT.

Extended the existing guard to also reject Size < sizeof(*MsgPtr). Using sizeof(*MsgPtr) naturally covers both the pri-only (6 bytes) and priext (10 bytes) header configurations without any ifdef.

Testing performed
Added one assertion in test_cfe_msg_init.c for Size = sizeof(CFE_MSG_Message_t) - 1, exercising the new branch. The pre-existing Size = 0 assertion also now exits via this guard instead of coincidentally via SetSize. clang-format --dry-run --Werror clean.

Expected behavior changes
Callers passing a buffer smaller than the CCSDS header will now receive CFE_MSG_BAD_ARGUMENT with no writes to the buffer. Previously the same callers received CFE_MSG_BAD_ARGUMENT but only after the function had already corrupted memory past the end of their buffer. The downstream SetSize range check (Size < CFE_MSG_SIZE_OFFSET and upper bound) is unchanged.

The related downstream bug in CF (nasa/CF#401) that relied on this behavior is already closed.

System(s) tested on
Code review and clang-format only (macOS does not support cFS native build). Upstream CI will exercise the unit tests on Linux.

Contributor Info
Heath Dutton / Personal