FIX: S360 Resolve [CodeQL.SM02986] 'Cast from char* to wchar_t* (microsoft#309)

### Work Item / Issue Reference  
<!-- 
IMPORTANT: Please follow the PR template guidelines below.
For mssql-python maintainers: Insert your ADO Work Item ID below (e.g.
AB#37452)
For external contributors: Insert Github Issue number below (e.g. microsoft#149)
Only one reference is required - either GitHub issue OR ADO Work Item.
-->

<!-- mssql-python maintainers: ADO Work Item -->
>
[AB#40019](https://sqlclientdrivers.visualstudio.com/c6d89619-62de-46a0-8b46-70b92a84d85e/_workitems/edit/40019)

[AB#40020](https://sqlclientdrivers.visualstudio.com/c6d89619-62de-46a0-8b46-70b92a84d85e/_workitems/edit/40020)

<!-- External contributors: GitHub Issue -->
> GitHub Issue: #<ISSUE_NUMBER>

-------------------------------------------------------------------
### Summary   
<!-- Insert your summary of changes below. Minimum 10 characters
required. -->
This pull request adds explanatory comments to several
`reinterpret_cast` statements in the `FetchLobColumnData` function
within `mssql_python/pybind/ddbc_bindings.cpp`, clarifying the safety of
these casts for CodeQL static analysis. The comments explain why casting
from `std::vector` data to wide character pointers is safe in this
context.

Code safety and documentation improvements:

* Added detailed comments to `reinterpret_cast<const
SQLWCHAR*>(chunk.data())` and similar casts, explaining alignment
guarantees and safe usage for CodeQL [SM02986] in both Windows and
Linux/macOS code paths.
[[1]](diffhunk://#diff-dde2297345718ec449a14e7dff91b7bb2342b008ecc071f562233646d71144a1L2406-R2408)
[[2]](diffhunk://#diff-dde2297345718ec449a14e7dff91b7bb2342b008ecc071f562233646d71144a1L2437-R2449)

<!-- 
### PR Title Guide

> For feature requests
FEAT: (short-description)

> For non-feature requests like test case updates, config updates ,
dependency updates etc
CHORE: (short-description) 

> For Fix requests
FIX: (short-description)

> For doc update requests 
DOC: (short-description)

> For Formatting, indentation, or styling update
STYLE: (short-description)

> For Refactor, without any feature changes
REFACTOR: (short-description)

> For release related changes, without any feature changes
RELEASE: #<RELEASE_VERSION> (short-description) 

### Contribution Guidelines

External contributors:
- Create a GitHub issue first:
https://github.com/microsoft/mssql-python/issues/new
- Link the GitHub issue in the "GitHub Issue" section above
- Follow the PR title format and provide a meaningful summary

mssql-python maintainers:
- Create an ADO Work Item following internal processes
- Link the ADO Work Item in the "ADO Work Item" section above  
- Follow the PR title format and provide a meaningful summary
-->

Author: gargsaumya

mssql_python/pybind/ddbc_bindings.cpp

@@ -8,6 +8,7 @@
 #include "connection/connection_pool.h"
 
 #include <cstdint>
+#include <cstring>  // For std::memcpy
 #include <iomanip>  // std::setw, std::setfill
 #include <iostream>
 #include <utility>  // std::forward
@@ -2463,10 +2464,11 @@ static py::object FetchLobColumnData(SQLHSTMT hStmt,
             } else {
                 // Wide characters
                 size_t wcharSize = sizeof(SQLWCHAR);
-                if (bytesRead >= wcharSize) {
-                    auto sqlwBuf = reinterpret_cast<const SQLWCHAR*>(chunk.data());
+                if (bytesRead >= wcharSize && (bytesRead % wcharSize == 0)) {
                     size_t wcharCount = bytesRead / wcharSize;
-                    while (wcharCount > 0 && sqlwBuf[wcharCount - 1] == 0) {
+                    std::vector<SQLWCHAR> alignedBuf(wcharCount);
+                    std::memcpy(alignedBuf.data(), chunk.data(), bytesRead);
+                    while (wcharCount > 0 && alignedBuf[wcharCount - 1] == 0) {
                         --wcharCount;
                         bytesRead -= wcharSize;
                     }
@@ -2495,14 +2497,18 @@ static py::object FetchLobColumnData(SQLHSTMT hStmt,
     }
     if (isWideChar) {
 #if defined(_WIN32)
-        std::wstring wstr(reinterpret_cast<const wchar_t*>(buffer.data()), buffer.size() / sizeof(wchar_t));
+        size_t wcharCount = buffer.size() / sizeof(wchar_t);
+        std::vector<wchar_t> alignedBuf(wcharCount);
+        std::memcpy(alignedBuf.data(), buffer.data(), buffer.size());
+        std::wstring wstr(alignedBuf.data(), wcharCount);
         std::string utf8str = WideToUTF8(wstr);
         return py::str(utf8str);
 #else
         // Linux/macOS handling
         size_t wcharCount = buffer.size() / sizeof(SQLWCHAR);
-        const SQLWCHAR* sqlwBuf = reinterpret_cast<const SQLWCHAR*>(buffer.data());
-        std::wstring wstr = SQLWCHARToWString(sqlwBuf, wcharCount);
+        std::vector<SQLWCHAR> alignedBuf(wcharCount);
+        std::memcpy(alignedBuf.data(), buffer.data(), buffer.size());
+        std::wstring wstr = SQLWCHARToWString(alignedBuf.data(), wcharCount);
         std::string utf8str = WideToUTF8(wstr);
         return py::str(utf8str);
 #endif
@@ -2623,8 +2629,7 @@ SQLRETURN SQLGetData_wrap(SqlHandlePtr StatementHandle, SQLUSMALLINT colCount, p
                             uint64_t numCharsInData = dataLen / sizeof(SQLWCHAR);
                             if (numCharsInData < dataBuffer.size()) {
 #if defined(__APPLE__) || defined(__linux__)
-                                const SQLWCHAR* sqlwBuf = reinterpret_cast<const SQLWCHAR*>(dataBuffer.data());
-                                std::wstring wstr = SQLWCHARToWString(sqlwBuf, numCharsInData);
+                                std::wstring wstr = SQLWCHARToWString(dataBuffer.data(), numCharsInData);
                                 std::string utf8str = WideToUTF8(wstr);
                                 row.append(py::str(utf8str));
 #else