FEN input sanitisation

[Ravenslofty]

Stockfish may not be an obvious attack vector for bugs, but I decided to let American Fuzzy Lop loose on the FEN parser, and it found issues very quickly, which should be fixed, even if they may never occur.

Non-ASCII characters should be rejected.

position fen rnbq�bnr/pppppppp/8/8/PPPPPPPP/RNBQKBNR

The bitboards should be checked for basic consistency (one king per colour)

position fen rnbqKbnr/pppppppp/8/8/PPPPPPPP/RNBQKBNR

I'll add more later when it's worked overnight.

[ajithcj]

I think in the past maintainers have made it clear that providing correct FENs is the responsibility of the GUI.
Sanitising it is not the job of an engine.

[Ravenslofty]

So far I have 67 unique crashes - all of them segfaults. The FEN parser is not performance critical code, and these could all be fixed with the Pareto principle of "reject invalid input"

Or do I need to demonstrate an arbitrary code execution exploit?

[mcostalba]

@ajithcj already answered you.