Fix Svacer iterator leak warning

[marcofortina]

Summary

Fixes the real client iterator leak reported by Svacer in the ExtendedDesktopSize success path and tightens cursor cleanup so lazily generated cursor buffers are released for both owned and non-owned cursor objects.

Details

• Release the rfbGetClientIterator() allocation after notifying other clients about a successful desktop size change.
• Factor cursor-owned buffer cleanup into a helper used by rfbFreeCursor().
• Allow rfbFreeCursor() to release owned cursor sub-buffers without clearing or corrupting caller-owned/static cursor fields.
• Call rfbFreeCursor() when replacing the current cursor, even if the cursor object itself is not owned by LibVNCServer.
• Call rfbFreeCursor() during screen cleanup for the default static cursor too; the cursor object is not freed, but any lazily generated source/richSource buffers are released.

This addresses the Svacer reports for cursor.c by making the cached buffers have explicit cleanup paths, including the default static cursor case.

Validation

Configured, built, and ran the test suite locally with:

cmake -S . -B build \
  -DCMAKE_BUILD_TYPE=Debug \
  -DWITH_TESTS=ON \
  -DWITH_EXAMPLES=OFF \
  -DWITH_GTK=OFF \
  -DWITH_SDL=OFF \
  -DWITH_QT=OFF \
  -DWITH_FFMPEG=OFF
cmake --build build --parallel
ctest --test-dir build --output-on-failure

Result: 5/5 tests passed.

Closes #724