[dfont] Solve the mystery +2 offset thing!

[dfont] Solve the mystery +2 offset thing!

Previously, ResourceForkHeader was defined as 30 bytes, having the typeCountM1 as last member.
There was a mysterious offset-by-2 in the code, derived from FontTools and JDK code this was
ported from.

In testing, I observed that typeListZ offset is actually 28.  Suggesting that the typeCountM1
does NOT actually belong to ResourceForkHeader, but belongs to the array itself.  Adjusting for
that resolves the mystery +2 offset hack, so everything is clean and good now.

This, concludes my dfont hacking.  The code looks great now, and I'm happy to leave it.
Fuzzers might disagree though, we will see!