fix undefined behavior on 3.1

(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71220

)

OpenSSL 3.2 and later are not affected, because they use
a `safemath` to do integer arithmetics.

This change is specific to 3.1 and 3.0. It changes just
fixes ssl_session_calculate_timeout().

It avoids overflow by testing operands before executint
the operation. It is implemented as follows:

	add(a, b) {
		overflow = MAX_INT - a;
		if (b > overflow)
			result = b - overflow
		else
			result = a + b
	}

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25239)