DevSkim
Passing DevSkim Application Inspector rules can cause an index to be found that is out of range of the file
Describe the bug
As seen in https://github.com/microsoft/OSSGadget/issues/290, if you use DevSkim with Application Inspector rules (not officially supported), this can cause an out-of-bounds detection for an index. Regardless of the fact that the rules may not be valid, the OAT operations we implemented should not return out-of-bounds indexes.

To Reproduce
Run DevSkim with the fully packed Application Inspector rules against pkg:/left-pad:1.3.0 on oss-download.

Expected behavior
Indexes are all inside the file.