cpu_ioreq_pio, cpu_ioreq_move: introduce read_phys_req_item, write_phys_reqm

cpu_ioreq_pio, cpu_ioreq_move: introduce read_phys_req_item, write_phys_reqm

The current code compare i (int) with req->count (uint32_t) in a for
loop, risking an infinite loop if req->count is >INT_MAX.  It also
does the multiplication of req->size in a too-small type, leading to
integer overflows.

Turn read_physical and write_physical into two different helper
functions, read_phys_req_item and write_phys_req_item, that take care
of adding or subtracting offset depending on sign.

This removes the formulaic multiplication to a single place where the
integer overflows can be dealt with by casting to wide-enough unsigned
types.

Reported-By: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Tested-by: Dongxiao Xu <dongxiao.xu@intel.com>