Add fbounds-safety annotations for data.

Reasoning:

The `data` pointer in `WebPEstimateBestFilter` is annotated with
`WEBP_COUNTED_BY((size_t)height * width)`. This reflects the
allocation size found by tracing the call graph back to
`EncodeAlpha` (src/enc/alpha_enc.c:332), where the buffer is
allocated using `WebPSafeMalloc` with a size of `width * height`.
Although the function signature includes a `stride` parameter used
for pointer arithmetic (`data + j * stride` at
src/utils/filters_utils.c:44), the implementation implicitly assumes
`stride == width` for vertical and gradient filtering logic (e.g.,
accesses like `p[i - width]` at line 49). The only caller
(src/enc/alpha_enc.c:220) respects this assumption by passing `width`
as the `stride`. Therefore, `height * width` accurately represents
the required buffer size.

Bug: 432511821
Change-Id: I7d308cf8dcccd7d6128a17dbc0f7b177ee9282a1
Arman Hasanzadeh
2025-08-20 13:04:51 -07:00
parent f2061209d0
commit baf42a5876
2 changed files with 6 additions and 4 deletions

@@ -33,8 +33,9 @@ static WEBP_INLINE int GradientPredictor(uint8_t a, uint8_t b, uint8_t c) {
return ((g & ~0xff) == 0) ? g : (g < 0) ? 0 : 255; // clip to 8bit
}
WEBP_FILTER_TYPE WebPEstimateBestFilter(const uint8_t* data, int width,
int height, int stride) {
WEBP_FILTER_TYPE WebPEstimateBestFilter(
const uint8_t* WEBP_COUNTED_BY((size_t)width* height) data, int width,
int height, int stride) {
int i, j;
int bins[WEBP_FILTER_LAST][SMAX];
WEBP_UNSAFE_MEMSET(bins, 0, sizeof(bins));
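Review bot: the count `(size_t)width* height` on `data` is only correct while `stride == width`, but the signature still takes an independent `stride` and nothing in the visible lines checks that relationship. The commit message notes that rows are addressed as `data + j * stride`, so a caller passing a larger stride would index past the annotated bound. Consider asserting `stride == width` at the top of the function, or expressing the count in terms of `stride`, so the annotation does not depend on the single current caller. Minor: the commit message writes the bound as `(size_t)height * width` while the code has `(size_t)width* height`; the value is the same, but the two should match.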

@@ -25,8 +25,9 @@ extern "C" {
#endif
// Fast estimate of a potentially good filter.
WEBP_FILTER_TYPE WebPEstimateBestFilter(const uint8_t* data, int width,
int height, int stride);
WEBP_FILTER_TYPE WebPEstimateBestFilter(
const uint8_t* WEBP_COUNTED_BY((size_t)width* height) data, int width,
int height, int stride);
#ifdef __cplusplus
} // extern "C"
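Review bot: the comment above the declaration still reads only "Fast estimate of a potentially good filter." and does not say that `data` must hold `width * height` bytes with `stride == width`, which is what the new `WEBP_COUNTED_BY((size_t)width* height)` relies on. The header is where callers read the contract, and the `stride` parameter suggests padded rows are acceptable, so add a sentence documenting the requirement here. Style: `width* height` reads like a pointer declarator; `width * height` would be clearer if the formatter permits it.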