fix: avoid out-of-bounds read when parsing the response status line (#2464)
`frankenphp_send_headers` parsed the status with `atoi(http_status_line
+ 9)`, assuming a fixed 9-byte `"HTTP/x.y "` prefix. `header("HTTP/")`
(5 bytes) makes `+9` read past the buffer. ASan confirms a
heap-buffer-overflow read in `atoi`, 3 bytes past the `estrndup`'d line.
PHP already parses the code into `http_response_code` (via
`sapi_update_response_code()`), so the reparse was redundant and unsafe.
Use it directly. Tests in `statusline_test.go` (run under `-asan`) cover
the short line and a valid `HTTP/1.1 418` line.