archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations [1.21 backport]

[gopherbot]

@neild requested issue #66869 to be considered for backport to the next 1.21 minor release.

This parser misalignment is a PUBLIC track security issue. We have assigned this CVE-2024-24789.

@gopherbot please open backport issues. This is a security issue.

[cagedmantis]

Approved as this is a security issue.

[gopherbot]

Change https://go.dev/cl/588795 mentions this issue: [release-branch.go1.21] archive/zip: treat truncated EOCDR comment as an error

[gopherbot]

Closed by merging c8e4033 to release-branch.go1.21.