We never documented whether returned strings for values whose
length is >= the buffer length passed in are null-terminated or not.
Previously, there were not, but most of our callers never checked.
Hence, we now force null termination.

Note that if someone passes a bogus length value, this will
now blow up where it formerly might not have.  I consider this a
value-added debugging feature...

Note also that this is unrelated to recent stated problems, but turned
up while looking for that bug!