Fix Coverity DEADCODE findings in COSE MAC and CBOR decode paths

[aidangarske]

Resolves four Coverity Scan DEADCODE defects and re-adds the Coverity Scan badge to the README.

Coverity fixes

• CID 1695273 (wc_CoseMac_Create) and CID 1695272 (wc_CoseMac_Verify): the HMAC dispatch block freed the Hmac and reset hmacInited = 0 in-block, making the function-end cleanup if (hmacInited != 0) unreachable. Removed the redundant in-block free so the single function-end cleanup is the sole reachable free path — matching the existing wc_CoseMac0_Create idiom.
• CID 1695271 (wc_CoseMac0_Create): the macPayload == NULL && macPayloadLen > 0 guard is unreachable because the all-NULL payload/detached pair is already rejected above, so macPayload is always non-NULL on success. Removed the dead check.
• CID 1690648 (wolfCose_CBOR_DecodeHead): the bstr/tstr length check item->val > (uint64_t)SIZE_MAX is dead on 64-bit targets where SIZE_MAX == UINT64_MAX. Reworked the bounds check to compare the 64-bit CBOR length directly against the remaining buffer bytes (item->val > (uint64_t)(ctx->bufSz - ctx->idx)), which rejects any oversize length as malformed on every platform without a size_t truncation hazard — eliminating the dead branch with no preprocessor identifier comparison (keeps MISRA Rule 20.9 clean).

README

Added the Coverity Scan build-status badge ahead of the existing CI/Skoll/Fenrir badges.

Testing

• make clean && make && make test — all tests pass.
• cppcheck --addon=misra — no Rule 20.9 (or other new) violations.