ruleset: detect integer overflow of the ID and bail out

The check is semantically correct, because some IDs are reserved. Here,
we exploit the fact that the LastID is defined to be max_int-2, so when
we increment _id_next often enough, we will eventually reach the
reserved LastID. If that ID is reached, we bail out to prevent further
damage.

The daemon logs the exception and keeps running. But it appears
dysfunctional, i.e. does not notice new device let alone authorise any.

src/Library/public/usbguard/RuleSet.cpp

@@ -223,7 +223,13 @@ namespace usbguard
 
   uint32_t RuleSet::assignID()
   {
-    return _id_next++;
+    const auto next_id = _id_next + 1;
+    if (next_id >= Rule::LastID) [[unlikely]]
+        {
+            throw std::out_of_range("Rule ID too high");
+        }
+    _id_next = next_id;
+    return next_id;
   }
 
   void RuleSet::setWritable()