boot: Check overflow/bounds on image header size

Before using the image and header size fields from the image header,
verify that both of these values are sane.  In this case, sanity means
that there is no arithmetic overflow when they are added, and that the
result is within the bounds of the containing flash region.  This is
done in addition to the check of the header's magic number.

Signed-off-by: David Brown <david.brown@linaro.org>