clamp emulated property copies to the caller-allocated count

[aizu-m]

The 2-variant emulation terminators have a count-handling mismatch:

loader/wsi.c  terminator_GetPhysicalDeviceSurfaceFormats2KHR
    formats = loader_stack_alloc(*pSurfaceFormatCount * sizeof(...));  // scratch sized by caller count N
    GetPhysicalDeviceSurfaceFormatsKHR(..., pSurfaceFormatCount, formats);  // ICD rewrites *pSurfaceFormatCount
    for (i = 0; i < *pSurfaceFormatCount; ++i)                         // loop now bound by ICD's number
        pSurfaceFormats[i].surfaceFormat = formats[i];                 // caller array also only holds N

Noticed this reading over the emulation paths after the sparse-format size fix. The scratch array and the caller's output array are both sized from the count the caller passed in, yet the copy loop is bound by the count the legacy entrypoint writes back into the count pointer. A driver that reports more entries than the caller's array holds then walks past the stack scratch buffer and the caller's array.

The non-emulated path already guards this. vkEnumerateDeviceExtensionProperties copies min(*pPropertyCount, count) and stops at the caller's capacity. These emulation terminators just missed the same clamp.

Fix snapshots the allocated count before the call and bounds each copy to it. Same shape at all six sites: queue family, sparse image format, surface formats, display properties, display plane properties, display mode properties.

[ci-tester-lunarg]

Author aizu-m not on autobuild list. Waiting for curator authorization before starting CI build.

[ci-tester-lunarg]

Author aizu-m not on autobuild list. Waiting for curator authorization before starting CI build.

[ci-tester-lunarg]

CI Vulkan-Loader build queued with queue ID 11355.

[ci-tester-lunarg]

CI Vulkan-Loader build # 3570 running.

[ci-tester-lunarg]

CI Vulkan-Loader build # 3570 passed.

[charles-lunarg]

Good defensive check since while we would like the count to be the same as from the first call, we can't guarantee that.