ipaddr_to_string: SECURITY: Do not allocate
ipaddr_to_string is used in many places including runtime logging.
Handling its memory allocation is annoyingly fiddly. Indeed there is
at least one possible memory leak, which represents a potential denial
of service bug.
None of the callers keep the answers for any length of time.
So make it return the next one of a series of round-robin buffers,
instead, and remove all the freeing at all the call sites.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>