[core] fix -fsanitize=undefined pedantic warning (fixes #3069)

cast to unsigned before << 4 to avoid (pedantic) undefined behavior
of (time_t) (which is signed integral type) on 32-bit signed time_t
The high bit gets shifted into the sign-bit, which is technically
undefined behavior in C, but is defined behavior in C++.

x-ref:
  "pedantic warning from -fsanitize=undefined"
  https://redmine.lighttpd.net/issues/3069

src/mod_auth.c

@@ -1386,7 +1386,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st
 		time_t ts = 0;
 		const unsigned char * const nonce_uns = (unsigned char *)nonce;
 		for (i = 0; i < 8 && light_isxdigit(nonce_uns[i]); ++i) {
-			ts = (ts << 4) + hex2int(nonce_uns[i]);
+			ts =(time_t)((uint32_t)ts << 4) + hex2int(nonce_uns[i]);
 		}
 		const time_t cur_ts = log_epoch_secs;
 		if (nonce[i] != ':'

src/mod_secdownload.c

@@ -642,7 +642,7 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) {
 	if (*(ts_str + 8) != '/') return HANDLER_GO_ON;
 
 	for (i = 0; i < 8; i++) {
-		ts = (ts << 4) + hex2int(ts_str[i]);
+		ts = (time_t)((uint32_t)ts << 4) + hex2int(ts_str[i]);
 	}
 
 	const time_t cur_ts = log_epoch_secs;