    Bug#27612255: VALGRIND WARNING ON INVALID CAPTURE GROUP · 089ee84d
    Martin Hansson authored
    Bug uncovered by the (original) test case for bug no
    27597980: When ICU parses an identifier for a capture group,
    it tries to read the character after the '$' sign regardless
    of whether there is one or not. However in the
    (syntactically incorrect) case that the replacement string
    ends with '$', we get undefined behavior since that piece of
    memory is uninitialized.
    
    This has been reported to ICU as Bug no 13632 in their
    system: http://bugs.icu-project.org/trac/ticket/13632
    
    We work around it in MySQL by replacing the current mix of
    std::vector and String with std::basic_string<UChar> in
    sql/regexp, paying back a design debt in the
    process. Incidentally, this fixes the valgrind warning. The
    reason is that std::basic_string guarantees null-termination
    in C++11.
    
    While we're at it, we also reserve() the size of the subject
    string up front in REGEXP_REPLACE(). This changes the
    effective maximum size of the result of the function, and
    thus a test case changes.
    
    Change-Id: Ia49ea08fbcfd50ffbfc24e79d909978c51d0e19b
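
A simplified model of the look-ahead read described in the commit message, as an added example that is not ICU's or MySQL's code. `ScanResult`, `scan_checked` and `scan_lookahead` are hypothetical names, and `std::u16string` stands in for `std::basic_string<UChar>`.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct ScanResult {
  int group_refs = 0;     // well-formed "$<digit>" references
  bool dangling = false;  // template ended directly after a '$'
};

static bool is_digit(char16_t c) { return c >= u'0' && c <= u'9'; }

// Works on any buffer (e.g. std::vector storage, which has no terminator):
// the unit after '$' is read only when it lies inside [0, len).
ScanResult scan_checked(const char16_t *p, std::size_t len) {
  ScanResult r;
  for (std::size_t i = 0; i < len; ++i) {
    if (p[i] != u'$') continue;
    if (i + 1 >= len) { r.dangling = true; break; }
    if (is_digit(p[i + 1])) { ++r.group_refs; ++i; }
  }
  return r;
}

// Unconditional look-ahead, as the commit message describes. Defined here
// only because s[s.size()] is guaranteed to be char16_t() since C++11.
// A NUL after '$' is treated as the end of the template.
ScanResult scan_lookahead(const std::u16string &s) {
  ScanResult r;
  for (std::size_t i = 0; i < s.size(); ++i) {
    if (s[i] != u'$') continue;
    const char16_t next = s[i + 1];  // may be the terminator, never past it
    if (is_digit(next)) { ++r.group_refs; ++i; }
    else if (next == u'\0') { r.dangling = true; break; }
  }
  return r;
}

int main() {
  // Constructed input: a replacement template that ends with '$'.
  const std::vector<char16_t> v = {u'a', u'$', u'1', u'b', u'$'};
  const std::u16string s(v.begin(), v.end());
  const ScanResult a = scan_checked(v.data(), v.size());
  const ScanResult b = scan_lookahead(s);
  std::printf("checked:   refs=%d dangling=%d\n", a.group_refs, a.dangling);
  std::printf("lookahead: refs=%d dangling=%d\n", b.group_refs, b.dangling);
  return 0;
}
```

Running the unconditional look-ahead over the `std::vector` storage instead would read one unit past the allocation, which is the kind of access valgrind reports.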