[custom_attrs] Add (some) bounds checking to create_custom_attr
In principle, mono_verifier_verify_cattr_content should prevent malformed custom
attribute blobs from being passed in here.
In practice:
1. The verifier is not on by default
2. System.Reflection.Emit allows an arbitrary byte[] to be passed in which
means that code like this can cause mono to read past the end of the array.
```
// "1 1-byte constructor argument and then 65280 named properties follow"
assembly.SetCustomAttribute(constructor, new byte[] { 1, 0, 1, 0x00, 0xFF });
var attributes = assembly.GetCustomAttributes(true);
```