index: fix use-after-free in add_conflict()

IndexEntry._to_c() returns both the git_index_entry struct and the
CFFI-allocated char[] that centry.path points to.  add_conflict()
was discarding the char[] reference with `_`, so CFFI freed the path
string while centry.path still pointed to it.  When
git_index_conflict_add() read the dangling pointer, it copied garbage
into the index (observed as EEEE... on hardened allocators).

Keep the path references alive until after the C function returns.

Fixes #1417

Author: jdavid

pygit2/index.py

@@ -255,11 +255,11 @@ def add_conflict(
         centry_ours: ffi.NULL_TYPE | ffi.GitIndexEntryC = ffi.NULL
         centry_theirs: ffi.NULL_TYPE | ffi.GitIndexEntryC = ffi.NULL
         if ancestor is not None:
-            centry_ancestor, _ = ancestor._to_c()
+            centry_ancestor, path_ancestor = ancestor._to_c()
         if ours is not None:
-            centry_ours, _ = ours._to_c()
+            centry_ours, path_ours = ours._to_c()
         if theirs is not None:
-            centry_theirs, _ = theirs._to_c()
+            centry_theirs, path_theirs = theirs._to_c()
         err = C.git_index_conflict_add(
             self._index, centry_ancestor, centry_ours, centry_theirs
         )