DF-0288
OOB read in mesh peering action: peer_linkid/peer_rcode decoded before length check
Summary
mesh_parse_meshpeering_action: CONFIRM reads peer_linkid(le16dec offset 6-7) before mesh_verify_meshpeer checks peer_len>=6. CLOSE reads peer_rcode similarly. 2-byte OOB read when peer_len==4(base).