Don't use std::string_view with APIs expecting null-terminated strings #444

@ZXShady

template <class T, class... Ps>
Result<T> read(const std::string_view _xml_str) {
  pugi::xml_document doc;
  const auto result = doc.load_string(_xml_str.data());
  if (!result) {
    return error("XML string could not be parsed: " +
                 std::string(result.description()));
  }
  const auto var = InputVarType(doc.first_child());
  return read<T, Ps...>(var);
}

https://github.com/getml/reflect-cpp/blob/main/include%2Frfl%2Fxml%2Fread.hpp#L32-L42

doc.load_string expects a null-terminated string so it knows the length; this could easily lead to security vulnerabilities with non-null-terminated inputs.

Solutions:

  • Take const std::string& as parameter instead (cheap if the user already passes a std::string, but limits the user from passing other string types implicitly).

  • Keep std::string_view in parameter but construct a std::string inside the function (more expensive)

  • Use another function internally that accepts a const char* str, std::size_t len pair
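
The failure mode and the second and third proposed solutions, as an added example that is not part of the original issue or of reflect-cpp. `consume_cstr` and `consume_buffer` are hypothetical stand-ins for a null-terminated API like `doc.load_string` and for a pointer-plus-length API, and the input buffers are constructed.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <string_view>

// Hypothetical stand-in for a null-terminated API such as doc.load_string():
// it finds the end of the input by scanning for '\0'.
std::string consume_cstr(const char* s) { return std::string(s, std::strlen(s)); }

// Hypothetical stand-in for a pointer-plus-length API: never reads past len.
std::string consume_buffer(const char* s, std::size_t len) {
  return std::string(s, len);
}

// Pattern from the issue: data() is passed on and size() is discarded.
std::string read_unsafe(std::string_view xml) { return consume_cstr(xml.data()); }

// Solution 2: copy into a std::string, whose c_str() is null-terminated.
std::string read_copy(std::string_view xml) {
  const std::string owned(xml);
  return consume_cstr(owned.c_str());
}

// Solution 3: forward data() together with size().
std::string read_sized(std::string_view xml) {
  return consume_buffer(xml.data(), xml.size());
}

// Constructed input: one buffer holding a document followed by unrelated bytes.
// The backing array is null-terminated, so the over-read below stays in bounds;
// with a view over an unterminated buffer it would be undefined behaviour.
constexpr char kBuffer[] = "<a>1</a><secret>token</secret>";
constexpr std::string_view kDoc(kBuffer, 8);  // views only "<a>1</a>"

// Constructed input with an embedded '\0' inside the view.
constexpr std::string_view kNul("<a>\0</a>", 8);

int main() {
  std::cout << "unsafe: " << read_unsafe(kDoc) << '\n'  // whole 30-byte buffer
            << "copy:   " << read_copy(kDoc) << '\n'    // <a>1</a>
            << "sized:  " << read_sized(kDoc) << '\n'   // <a>1</a>
            << "copy with NUL keeps " << read_copy(kNul).size() << " bytes, "
            << "sized keeps " << read_sized(kNul).size() << '\n';  // 3 vs 8
}
```

pugixml's `load_buffer(contents, size)` is a pointer-plus-length entry point of the kind the third solution describes.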
