
#1303 serialize ref duplication and harden dynamic object size calculations

21.11.5
open
None
OSLIB
Low
21.11.4
True
2026-03-18
2026-03-18
No

The OSLIB factory needed two safety fixes.

First, chFactoryDuplicateReference() was incrementing object reference
counters without using the factory lock, while create/find/release paths were
serialized. This created a race against final release and object reclamation.

Second, the heap-backed factory creators (Buffer, Mailbox, ObjectsFIFO, Pipe)
were performing unchecked add/multiply/alignment arithmetic when computing
allocation sizes. Extreme input values could overflow those calculations
before allocation, leading to undersized objects and out-of-bounds
initialization.

The fix:

  • makes chFactoryDuplicateReference() a locked API
  • adds checked size helpers for add/multiply/alignment operations
  • rejects overflowing size requests before allocation
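As an added illustration, not code from the project, here are checked size helpers of the kind the fix describes, applied to a hypothetical heap-backed object laid out as a fixed header followed by count items and rounded up to an alignment boundary; HEADER_SIZE and OBJ_ALIGN are assumed values, not the factory's real layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Returns false when a + b would wrap past SIZE_MAX. */
bool size_add_checked(size_t a, size_t b, size_t *out) {
    if (a > SIZE_MAX - b) {
        return false;
    }
    *out = a + b;
    return true;
}

/* Returns false when a * b would wrap; the division cannot overflow. */
bool size_mul_checked(size_t a, size_t b, size_t *out) {
    if (a != 0U && b > SIZE_MAX / a) {
        return false;
    }
    *out = a * b;
    return true;
}

/* Rounds n up to a power-of-two alignment; false if the rounding wraps. */
bool size_align_checked(size_t n, size_t align, size_t *out) {
    size_t mask = align - 1U;
    if (align == 0U || (align & mask) != 0U || n > SIZE_MAX - mask) {
        return false;
    }
    *out = (n + mask) & ~mask;
    return true;
}

/* Hypothetical object layout: fixed header followed by count items. */
#define HEADER_SIZE 32U
#define OBJ_ALIGN   8U

/* Computes the aligned allocation size for count items of item_size.
 * Returns false on any overflow so the caller can reject the request
 * before the allocator is ever called; *total is then left untouched. */
bool object_size_checked(size_t count, size_t item_size, size_t *total) {
    size_t payload, raw;
    return size_mul_checked(count, item_size, &payload) &&
           size_add_checked(HEADER_SIZE, payload, &raw) &&
           size_align_checked(raw, OBJ_ALIGN, total);
}
```

An unchecked version would compute `HEADER_SIZE + count * item_size` directly, so a count near SIZE_MAX / item_size wraps to a small value and the allocator hands back an undersized block that the initialization code then writes past.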

Discussion

