top, library: Explicit "signed char" when expected, a few overflow fixes

Hi, stumbled upon these at random:

1. "char" -> "signed char" where specifically desired (char x=-1; int i; if ((i=x)<0) ...).
2. "i + n" can overflow in esc_ctl().
3. "restrict" ptrs to escape_str(), s*printf() requires that. Didn't check whether any callers try to do otherwise.
4. Minor snprintf mod. to avoid EOVERFLOW if "src" is longer than INT_MAX.

Note:

1. there are two instances of that large matrix.
2. esc_ctl() takes "len" w/o '\0', but relies on it and accesses it at str+len anyway through a call to esc_all(). It's misleading.
3. UTF_tab[] is correct, but it's not sufficient to validate UTF-8. Not sure if it's intentional.