Add an assertion to read_file_to_str_until_eof

The clangalyzer doesn't believe our math here.  I'm pretty sure our
math is right.  Also, add some unit tests.

src/common/util.c

@@ -2357,6 +2357,7 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
     pos += r;
   } while (r > 0 && pos < max_bytes_to_read);
 
+  tor_assert(pos < string_max);
   *sz_out = pos;
   string[pos] = '\0';
   return string;

src/test/test_util.c

@@ -86,6 +86,20 @@ test_util_read_file_eof_tiny_limit(void *arg)
   test_util_read_until_eof_impl("tor_test_fifo_tiny", 5, 4);
 }
 
+static void
+test_util_read_file_eof_one_loop_a(void *arg)
+{
+  (void)arg;
+  test_util_read_until_eof_impl("tor_test_fifo_1ka", 1024, 1023);
+}
+
+static void
+test_util_read_file_eof_one_loop_b(void *arg)
+{
+  (void)arg;
+  test_util_read_until_eof_impl("tor_test_fifo_1kb", 1024, 1024);
+}
+
 static void
 test_util_read_file_eof_two_loops(void *arg)
 {
@@ -97,6 +111,14 @@ test_util_read_file_eof_two_loops(void *arg)
   test_util_read_until_eof_impl("tor_test_fifo_2k", 2048, 10000);
 }
 
+static void
+test_util_read_file_eof_two_loops_b(void *arg)
+{
+  (void)arg;
+
+  test_util_read_until_eof_impl("tor_test_fifo_2kb", 2048, 2048);
+}
+
 static void
 test_util_read_file_eof_zero_bytes(void *arg)
 {
@@ -3870,7 +3892,10 @@ struct testcase_t util_tests[] = {
   UTIL_TEST(make_environment, 0),
   UTIL_TEST(set_env_var_in_sl, 0),
   UTIL_TEST(read_file_eof_tiny_limit, 0),
+  UTIL_TEST(read_file_eof_one_loop_a, 0),
+  UTIL_TEST(read_file_eof_one_loop_b, 0),
   UTIL_TEST(read_file_eof_two_loops, 0),
+  UTIL_TEST(read_file_eof_two_loops_b, 0),
   UTIL_TEST(read_file_eof_zero_bytes, 0),
   UTIL_TEST(write_chunks_to_file, 0),
   UTIL_TEST(mathlog, 0),