do not use string-to-integer conversions without error handling

[firewave]

I came across this in preparation of improving the error location of MathLib::to*(). I also wanted to improve the argument validation in CmdLineParser for a while now.

atoi() will return 0 if the conversion fails without any indication.

std::istringstream usage needs to be checked and it can overflow without error which can leading to wrong results. It also behaves differently with Visual Studio. See https://trac.cppcheck.net/ticket/10180 and https://trac.cppcheck.net/ticket/10181.

We also use(d) MathLib::to*Long() for non-literal conversions which required us to allow inputs which are not literals. I have not rolled back those changes yet since I still need to identify the changes. As I have a few more other tests cases to add I will do that in a different PR.

The enabled clang-tidy check warns about atoi() usage - see https://clang.llvm.org/extra/clang-tidy/checks/cert/err34-c.html.

[firewave]

The string we convert in getMinFormatStringOutputLength() in checkbufferoverrun.cpp might not contain any numbers so it is intentional that we might get 0. Looking at the documentation of the format specifiers it seems might also encounter some valid strings which need to be converted differently - but that's something completely different.

[firewave]

I filed https://trac.cppcheck.net/ticket/11631 about the Failed to instantiate template selfcheck warnings.