Introduce both clang static analyzer and cppcheck if available. Run at least cppcheck in CI.

This PR adds CppCheck and Clang static code analysis on build. It will run either or both depending on availability. Since we do not have an image yet for librist it'll probably just be CppCheck to start (this is being downloaded manually).
I've also made a few code changes that are noteworthy in non-rist code:

1. aes.c: made aes_key_setup return an error result if the key size is invalid. Clang discovered a path in which it was possible for an invalid key size to be fed in and garbage values could be used in de/encryption.
2. lz4hc.c: LZ4_initStreamHC can fail, but failure was not checked in LZ4_createStreamHC, meaning the system could continue with garbage data.
3. lz4frame.c: LZ4F_updateDict Add a null check for dctx->dict || dctx->tmpOutputBuffer since if either of them are null it leads to bad behaviour or a crash. This may be a false positive though since calling this function should be done on correctly-initialised data.

This addresses #9
3 jobs for cppcheck in 9 seconds (queued for 3 seconds)