Updates stb_image and stb_image_write

[NBickford-NV]

Hi Syoyo!

TinyGLTF currently embeds a copy of stb_image.h v2.21 and stb_image_write.h v1.11 from March 2019. This version of stb_image.h has a couple of security vulnerabilities (see this NIST National Vulnerability Database (NVD) search; CVE-2019-19777 is the earliest one).

This pull request updates stb_image and stb_image_write to the latest dev branch commit, nothings/stb@9f1776a. This commit is the same as main (stb_image v2.28), plus the fix for nothings/stb#1456.

It also applies changes from two pending merge requests:

• stb_image: fix implicit conversion warnings nothings/stb#1443 fixes 3 type-cast warnings when compiling stb_image with MSVC.
• Fixes null pointer dereference in https://github.com/nothings/stb/issues/1452 nothings/stb#1454 fixes a nullptr dereference when loading certain PIC files and the requested number of channels is 1, 2, or 3 (RUSTSEC-2023-0021).

To make this easier to verify, I've split up the commits so that commit 1 matches the dev branch, the diff for commit 2 matches nothings/stb#1454, and the diff for commit 3 matches nothings/stb#1443.

Thank you!

[syoyo]

Thanks! Merged!

For reading/writing images, we may better to consider adding wuffs https://github.com/google/wuffs and fpng https://github.com/richgel999/fpng (for PNG only) backend for better security and performance.

[syoyo]

Filed an issue(wuffs and fpng) #410

[NBickford-NV]

Thank you Syoyo! I've heard very good things about Wuffs in terms of security and performance.

[syoyo]

@neilbickford-nv Nice! > I've heard very good things about Wuffs

PR of Wuffs backend support is much appreciated!