Update PE parsing code related to Authenticode verification

The following changes were made:
 - The code to calculate the authenticode hash was not properly
   accounting for the case where a PE had sections that either
   overlapped with each other or overlapped with the PE header.
   One common case for this is UPX-packed binaries, where the
   first section with data on disk starts at offset 0x400, which
   overlaps with the specified PE header by 0xC00 bytes.
 - The code didn't wrap accesses to fields in the Security
   DataDirectory with EC32(), so it seems likely that authenticode
   parsing always encountered issues on big endian systems.  I
   think I fixed all of the accesses in cli_checkfp_pe, but there
   might still be issues here.  I'll test this further.
 - We parse the authenticode data header to better ensure that it's
   PKCS7 we are trying to parse, and not one of the other types.
 - cli_checkfp_pe should now finish faster in the case where there
   is no authenticode data and we don't want to compute the section
   hashes.
 - Fixed a potential memory leak in one cli_checkfp_pe failure case
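The third bullet above (checking the authenticode data header before treating the blob as PKCS7) and the second (byte-order-safe field access) together describe a small validation step. The following is an added example written for this page, not code from the commit or from ClamAV: it mirrors the `pe_certificate_hdr` layout and the `WIN_CERT_REV_2` / `WIN_CERT_TYPE_PKCS7` values named in the commit, reads the fields little-endian by hand (the role EC32()/EC16() play in the project, which is an assumption about its macros), and refuses entries whose declared `length` is smaller than the header or larger than the Security DataDirectory actually supplied. The function and type names (`parse_cert_hdr`, `cert_hdr`, `cert_status`) and the sample byte arrays are all constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as named in the diff (assumption: the project header defines the same). */
#define WIN_CERT_REV_2      0x0200
#define WIN_CERT_TYPE_PKCS7 0x0002

/* Mirror of struct pe_certificate_hdr: 4 + 2 + 2 bytes, naturally aligned,
 * so sizeof() equals the on-disk size of a WIN_CERTIFICATE header. */
struct cert_hdr {
    uint32_t length;   /* total entry length, header included */
    uint16_t revision;
    uint16_t type;
};

/* PE is always little-endian on disk; decode byte-by-byte so the result is
 * the same on big-endian hosts (what EC32()/EC16() normalise in the project). */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

enum cert_status {
    CERT_OK = 0,
    CERT_TRUNCATED,     /* directory cannot hold a header, or length exceeds it */
    CERT_BAD_REVISION,  /* revision is not WIN_CERT_REV_2 */
    CERT_NOT_PKCS7      /* some other WIN_CERTIFICATE type */
};

/* Parse the first WIN_CERTIFICATE entry in a Security DataDirectory blob of
 * dir_size bytes. On CERT_OK, *out holds the decoded header and
 * *payload/*payload_len delimit the PKCS#7 bytes that follow it. */
enum cert_status parse_cert_hdr(const uint8_t *dir, size_t dir_size,
                                struct cert_hdr *out,
                                const uint8_t **payload, size_t *payload_len)
{
    if (dir_size < sizeof(struct cert_hdr))
        return CERT_TRUNCATED;
    out->length   = le32(dir);
    out->revision = le16(dir + 4);
    out->type     = le16(dir + 6);
    /* length counts the header itself: it must cover at least the header and
     * must not reach past the bytes the directory actually contains. */
    if (out->length < sizeof(struct cert_hdr) || out->length > dir_size)
        return CERT_TRUNCATED;
    if (out->revision != WIN_CERT_REV_2)
        return CERT_BAD_REVISION;
    if (out->type != WIN_CERT_TYPE_PKCS7)
        return CERT_NOT_PKCS7;
    *payload     = dir + sizeof(struct cert_hdr);
    *payload_len = out->length - sizeof(struct cert_hdr);
    return CERT_OK;
}

/* Constructed sample directories; none comes from a real binary. */
static const uint8_t good_dir[] = {
    0x0c, 0x00, 0x00, 0x00,   /* length = 12 (8-byte header + 4 payload bytes) */
    0x00, 0x02,               /* revision = 0x0200 */
    0x02, 0x00,               /* type = WIN_CERT_TYPE_PKCS7 */
    0x30, 0x82, 0x00, 0x00    /* payload: first bytes of a DER SEQUENCE */
};
static const uint8_t overlong_dir[] = {   /* declares 0x1000 bytes, has 8 */
    0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x02, 0x00
};
static const uint8_t x509_dir[] = {       /* valid framing, type 0x0001 (X.509) */
    0x08, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, 0x00
};

/* Named checks so each outcome can be verified by return value. */
int check_good(void) {
    struct cert_hdr h; const uint8_t *p = NULL; size_t n = 0;
    return parse_cert_hdr(good_dir, sizeof good_dir, &h, &p, &n) == CERT_OK
           && n == 4 && p == good_dir + sizeof(struct cert_hdr);
}
int check_overlong(void) {
    struct cert_hdr h; const uint8_t *p; size_t n;
    return parse_cert_hdr(overlong_dir, sizeof overlong_dir, &h, &p, &n) == CERT_TRUNCATED;
}
int check_x509(void) {
    struct cert_hdr h; const uint8_t *p; size_t n;
    return parse_cert_hdr(x509_dir, sizeof x509_dir, &h, &p, &n) == CERT_NOT_PKCS7;
}

int main(void) {
    printf("good=%d overlong=%d x509=%d\n", check_good(), check_overlong(), check_x509());
    return 0;
}
```

The length check is the part worth carrying into any parser of this header: the field is attacker-controlled file data, and bounding it against both the header size and the directory size is what keeps the later PKCS7 parse from reading outside the mapped blob.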
Andrew 2018-08-27 22:53:23 -04:00 committed by Micah Snyder
parent 0a2492de87
commit 18a813afb6
2 changed files with 87 additions and 35 deletions

@ -144,6 +144,17 @@ struct pe_image_section_hdr {
uint32_t Characteristics;
};
#define WIN_CERT_REV_2 0x0200
#define WIN_CERT_TYPE_PKCS7 0x0002
/** PE authenticode data header
\group_pe */
struct pe_certificate_hdr {
uint32_t length; /** length of the certificate data, including the header */
uint16_t revision;
uint16_t type;
};
/** Data for the bytecode PE hook
\group_pe */
struct cli_pe_hook_data {
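Review bot: the trailing comment `/** length of the certificate data, including the header */` on `length` in `struct pe_certificate_hdr` uses the Doxygen prefix form, so it documents the following `revision` member rather than `length`; a trailing member comment needs `/**<`. The two new macros `WIN_CERT_REV_2` and `WIN_CERT_TYPE_PKCS7` carry no comment at all and would benefit from a one-liner each. Since the commit message notes that earlier Security DataDirectory accesses missed EC32(), the code that fills this struct from the file should read `revision` and `type` through EC16() and reject any `length` below `sizeof(struct pe_certificate_hdr)` or above the directory size before using it.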