ssp: fix our gets_s implementation under _FORTIFY_SOURCE

Annex K specifies an interface for handling constraint violations from
gets_s, but we previously broke this for some classes of get_s misuse.

Provide a more nuanced version that tries to dodge errors that would
trigger a constraint handler while still providing value. Notably, we
don't want to trigger a failure unless the passed-in length reasonably
fits within an RSIZE_MAX, because gets_s will immediately call larger
lengths bogus and fail.

PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56734