Fix logic for an older change: unlike almost every other function in gs, dict_find_string() returns 1 on
success 0 or <0 on failure. The logic for this case was wrong.

Sanitize op stack for error conditions

We save the stacks to an array and store the array for the error handler to
access.

For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
we make these copies, we check for operators that do *not* exist in systemdict,
when we find one, we replace the operator with a name object (of the form
"/--opname--").

Any transient procedures that call .force* operators

(i.e. for conditionals or loops) make them executeonly.

Harden some uses of .force* operators

by adding a few immediate evalutions

CVE-2019-6116