[sanitizer] Improve scanf interceptor

This a rewrite of the scanf parser. The new implementation is pretty close to
the spec, with a few shortcuts taken here and there. It is conservative, i.e.
it gives up parsing if it does not understand some part of the format string,
or runs into an ambiguous % spec. It does not handle some rarely used parts of
the spec, like %n$ - for now.

I'm also moving parser call to after the original *scanf function completes,
so that we can find out the store size of %s directive by the use of strlen()
on the target buffer.

llvm-svn: 174704