validate free space section type during sinfo decode

[naruto-lgtm]

Describe your changes

Repro: open a file whose free space section info block carries a section type byte >= the number of registered section classes (the file FSM registers 3: simple/small/large).
Cause: H5FS__cache_sinfo_deserialize() reads the one-byte type and indexes fspace->sect_cls[sect_type], then calls the class deserialize callback through it. The only guard is an assert(), which is compiled out in release builds, so the type is unvalidated there.
Fix: reject sect_type that is not less than fspace->nclasses before the array is indexed, the same way the header decode already rejects a class count past fspace->nclasses.

Without the check a corrupted file drives an out-of-bounds read of the class array and an indirect call through whatever function pointer lands at that offset. Keeping the validation at the decode site is the right layer because that byte is the trust boundary; every later sect_cls[type] use operates on sections whose type was already accepted here.

Issue ticket number (GitHub or JIRA)

Checklist before requesting a review

• My code conforms to the guidelines in CONTRIBUTING.md
• I made an entry in release_docs/CHANGELOG.md (bug fixes, new features)
• I added a test (bug fixes, new features)

[github-actions]

Review Checklist

This PR touches the following areas. Each needs a sign-off
from its listed owners before merging.

• src — @fortnern
• release_docs — @lrknox