net/ssl-mbed: NULL-check calloc in ssl_socket_init

ssl_socket_init in the mbedtls variant had the same bug as the
BearSSL variant: calloc then immediate dereference with no NULL
check.

    struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state));
    state->domain           = domain;   /* NULL-deref on OOM */

Fix: NULL-check and return NULL on failure.  The caller
(net_http.c:1030) already treats a NULL return from ssl_socket_init
as 'SSL setup failed, abort'.

Not fixed here: the existing 'error:' label at the bottom of this
same function only does 'if (state) free(state)' without calling
mbedtls_ssl_free / mbedtls_ssl_config_free / mbedtls_ctr_drbg_free
/ mbedtls_entropy_free / mbedtls_x509_crt_free on the sub-contexts
that were already mbedtls_*_init'd before the goto error.  The
'ssl_socket_free' function further down does call all of those
in the right order.  Folding that cleanup into the error path
is orthogonal to the NULL-deref fix and deserves its own commit
with some mbedtls-side-effect analysis; deferred.

Thread-safety: unchanged.

Author: LibretroAdmin

libretro-common/net/net_socket_ssl_mbed.c

@@ -95,6 +95,13 @@ void* ssl_socket_init(int fd, const char *domain)
    static const char *pers = "libretro";
    struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state));
 
+   /* NULL-check before 'state->domain = domain' on the next line
+    * dereferences state.  Sibling bug in net_socket_ssl_bear.c's
+    * ssl_socket_init was fixed in the previous commit; applying
+    * the same fix here. */
+   if (!state)
+      return NULL;
+
    state->domain           = domain;
 
 #if defined(MBEDTLS_DEBUG_C)