libarchive: merge security fix from vendor branch

This commit fixes a couple of security vulnerabilities in the PAX writer:

1. Heap overflow in url_encode() in archive_write_set_format_pax.c
2. NULL dereference in archive_write_pax_header_xattrs()
3. Another NULL dereference in archive_write_pax_header_xattrs()
4. NULL dereference in archive_write_pax_header_xattr()

Security: No known reference yet
Obtained from: https://github.com/libarchive/libarchive/commit/1b4e0d0f9
Approved by: re (gjb)

(cherry picked from commit f10f65999fe56e92f00b5bc5d27ac342cfea5364)
(cherry picked from commit 0c9b0086715b3b354d471de9dee2ea113aa94481)