use error return code in place of assert()

[pcallahan-r7]

libinjection_xss() returns an int to indicate evidence of XSS (1) or absence (0). If the parser's state machine wound up in a bad state (e.g. string cursor position greater than string length), libinjection would abort the process it was in.

This change creates an enum return type for libinjection_xss() and downstream state functions that indicates XSS True, False or Error. The Error return code indicates the parser state machine got into a bad state. The library will no longer abort on error.