varbin: Fix handle private field by accident

[xchacha20-poly1305]

• If a field named _, CanSet() returns false.
• Or (||) operation skips CanSet() check, causing panic.

[xchacha20-poly1305]

Another bug:

Write incorrectly applies reflect.Indirect to the input rawData before passing it to the internal write function. This causes a panic when a nil pointer is passed because reflect.Indirect returns an invalid reflect.Value, and the subsequent error handling path attempts to call .String() on a nil type.

Furthermore, stripping the pointer type at the top level causes the encoder to bypass the pointer-handling logic that writes a presence marker (0 or 1). Because the Read function expects this marker to determine if it should allocate memory, the lack of this byte causes a protocol mismatch, leading to data corruption or decoding failures.

Trying to fix this may breaks the protocol behavior, so I will not create a pull request to fix it.

[nekohasekai]

The *reflect portion of the varbin package appears to only include the following use cases:

1. geodb related code in sing-box that hasn't been completely removed.

2. libbox serialization in sing-box 1.12 (now replaced by gRPC).

Its original purpose was to prevent problems with manually written libbox serialization, but it seems to have many bugs, and I believe we can safely remove this package soon.

[nekohasekai]

I apologize for informing you that I am reverting your two fix commits because I pushed them to the sing-box stable branch without verifying compatibility, and they caused production breakage.

Since I will be removing the use of varbin serialization in 1.13, and 1.13 will soon be the new stable release, I also reverted them in sing dev for compatibility testing.