crnlib: attempt to silence false positive CodeQL cpp/static-buffer-overflow

On the default case it wrongly reports as critical:

> Potential buffer-overflow: 'm_buf' has size 2 but 'm_buf[3]' may be accessed here.

Because it fails to understand that default only happens with m_buf size being 4.

Author: illwieckz

crnlib/crn_threaded_clusterizer.h

@@ -219,7 +219,7 @@ class threaded_clusterizer {
         double sum = 0;
 
         for (uint j = 0; j < N; j++)
-          sum += axis[j] * covar[i][j];
+          sum += static_cast<double>(axis[j]) * static_cast<double>(covar[i][j]);
 
         x[i] = static_cast<float>(sum);
 

crnlib/crn_tree_clusterizer.h

@@ -72,7 +72,7 @@ class tree_clusterizer {
       m_weightedVectors[i] = v * (float)weight;
       root.m_centroid += m_weightedVectors[i];
       root.m_total_weight += weight;
-      m_weightedDotProducts[i] = v.dot(v) * weight;
+      m_weightedDotProducts[i] = static_cast<double>(v.dot(v)) * static_cast<double>(weight);
       ttsum += m_weightedDotProducts[i];
     }
     root.m_variance = (float)(ttsum - (root.m_centroid.dot(root.m_centroid) / root.m_total_weight));
@@ -289,7 +289,7 @@ class tree_clusterizer {
           double sum = 0;
 
           for (uint j = 0; j < N; j++)
-            sum += axis[j] * covar[i][j];
+            sum += static_cast<double>(axis[j]) * static_cast<double>(covar[i][j]);
 
           x[i] = (float)sum;