Fix NULL dereference when serializing/measuring a tag with no item set

[PJK]

Fixes #416.

Summary

Commit e87cc36 changed cbor_tag_item() to return NULL when called on a tag with no item set, but several call sites using cbor_move(cbor_tag_item(...)) were not updated. Since cbor_move unconditionally does item->refcount--, passing NULL causes an immediate crash.

• cbor_move (common.c): added NULL guard — returns NULL when passed NULL. This makes the cbor_move(cbor_tag_item(...)) pattern safe by contract.
• cbor_serialized_size (serialization.c): extract cbor_tag_item result into a local, return 0 if NULL before calling cbor_move.
• cbor_serialize_tag (serialization.c): same — return 0 (serialization failure) if the tag has no item set.

Test plan

• test_move_null — cbor_move(cbor_tag_item(empty_tag)) returns NULL without crashing
• test_serialized_size_tag_no_item — cbor_serialized_size returns 0 for a tag with no item
• test_serialize_tag_no_item — cbor_serialize returns 0 for a tag with no item
• Full test suite (28 targets) passes

🤖 Generated with Claude Code

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.82%. Comparing base (2a7b001) to head (7e3c481).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #420   +/-   ##
=======================================
  Coverage   99.82%   99.82%           
=======================================
  Files          20       20           
  Lines        1757     1762    +5     
=======================================
+ Hits         1754     1759    +5     
  Misses          3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.