gnutls_int.h: make DECR_LEN neutral to signedness

DECR_LEN was previously implemented in a way that it first decrements the given length and then checks whether the result is negative. This requires the caller to properly coerce the length argument to a signed integer before invoking the macro.

This changes the logic to first compare the length and the amount to subtract, so the macro works both with signed and unsigned lengths.

Checklist

• Commits have Signed-off-by: with name/author being identical to the commit author
• Code modified for feature
• Test suite updated with functionality tests
• Test suite updated with negative tests
• Documentation updated / NEWS entry present (for non-trivial changes)
• CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

• Any issues marked for closing are addressed
• There is a test suite reasonably covering new functionality or modifications
• Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
• This feature/change has adequate documentation added
• No obvious mistakes in the code