Clean up sensitive stack buffers and minor fixes in PKCS#8 #3067

Merged
justsmth merged 2 commits into aws:main from justsmth:pkcs8-zeroize-cleanup
Mar 12, 2026

@justsmth justsmth commented Mar 4, 2026

Description of changes:

Minor hardening and cleanup in crypto/pkcs8/pkcs8.c:

  • Ensure derived key/IV material on the stack is cleansed on all paths in pkcs12_pbe_cipher_init and pkcs12_key_gen.
  • Add a plaintext_len > INT_MAX guard in PKCS8_marshal_encrypted_private_key for consistency with pkcs8_pbe_decrypt.
  • Fix a cosmetic double-semicolon.

None of these are practically exploitable — just defense-in-depth hygiene.

Testing:

Existing tests cover the affected code paths. No behavioral changes.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
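
The two patterns named in the description above, as an added example that is not code from this pull request or from the project: one cleanup exit that wipes stack key/IV buffers on every path, and a length guard against `INT_MAX`. `demo_cleanse`, `demo_derive`, `demo_pbe_init`, the buffer sizes and the toy derivation are hypothetical stand-ins, and combining both checks in one function is a simplification.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN 32
#define IV_LEN 16

static size_t g_cleansed_bytes; /* demo-only: lets a test observe cleanup */

/* Hypothetical stand-in for the library's cleanse routine: writing through a
 * volatile pointer keeps the compiler from dropping the stores as dead. */
static void demo_cleanse(void *p, size_t len) {
  volatile uint8_t *v = (volatile uint8_t *)p;
  for (size_t i = 0; i < len; i++) v[i] = 0;
  g_cleansed_bytes += len;
}

/* Constructed toy derivation, NOT a real KDF. Fails on an empty password. */
static int demo_derive(const uint8_t *pass, size_t pass_len, uint8_t id,
                       uint8_t *out, size_t out_len) {
  if (pass_len == 0) return 0;
  for (size_t i = 0; i < out_len; i++) out[i] = (uint8_t)(pass[i % pass_len] ^ id ^ (uint8_t)i);
  return 1;
}

/* Returns 1 on success, 0 on failure. Every exit goes through `cleanup`, so
 * the stack copies of key and IV are wiped whether or not setup succeeded. */
int demo_pbe_init(const uint8_t *pass, size_t pass_len, size_t plaintext_len,
                  uint8_t *ctx_out) {
  int ret = 0;
  uint8_t key[KEY_LEN], iv[IV_LEN];
  if (plaintext_len > (size_t)INT_MAX) {
    goto cleanup; /* length would not fit an int-based cipher API */
  }
  if (!demo_derive(pass, pass_len, 1, key, sizeof(key)) ||
      !demo_derive(pass, pass_len, 2, iv, sizeof(iv)) ||
      ctx_out == NULL) { /* late failure: key and IV are already populated */
    goto cleanup;
  }
  for (size_t i = 0; i < KEY_LEN; i++) {
    ctx_out[i] = key[i] ^ iv[i % IV_LEN]; /* stand-in for cipher setup */
  }
  ret = 1;
cleanup:
  demo_cleanse(key, sizeof(key));
  demo_cleanse(iv, sizeof(iv));
  return ret;
}
```

The late-failure branch is the case an early `return 0` would miss: the derived key is already on the stack when setup fails.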

codecov-commenter commented Mar 4, 2026

Codecov Report

❌ Patch coverage is 85.71429% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 78.15%. Comparing base (e5747bd) to head (879160d).

Files with missing lines Patch % Lines
crypto/pkcs8/pkcs8.c 85.71% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3067      +/-   ##
==========================================
- Coverage   78.16%   78.15%   -0.01%     
==========================================
  Files         689      689              
  Lines      121628   121632       +4     
  Branches    16981    16980       -1     
==========================================
- Hits        95070    95066       -4     
- Misses      25675    25681       +6     
- Partials      883      885       +2     

geedo0 previously approved these changes Mar 5, 2026
@justsmth justsmth force-pushed the pkcs8-zeroize-cleanup branch from 6981587 to 879160d Compare March 11, 2026 19:34
@justsmth justsmth enabled auto-merge (squash) March 11, 2026 19:35
@justsmth justsmth disabled auto-merge March 12, 2026 19:01
@justsmth justsmth merged commit 133bdea into aws:main Mar 12, 2026
640 of 647 checks passed
@justsmth justsmth deleted the pkcs8-zeroize-cleanup branch March 12, 2026 19:01