Exclude a few lines from lcov coverage stats:

- "fail" branches in selftests
- "should never happen" errors in SSL
- cipher_xxx() failures in SSL
- some things that fail only if malloc() fails
- some things that fail only if fread/fwrite()/ftell() fails
  (after fopen() succeeded)
- some things that fail only if a parameter is invalid, but the parameter was
  actually validated earlier
- generated code in library/error.c
diff --git a/library/pem.c b/library/pem.c
index 541e870..57a120a 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -322,7 +322,7 @@
         return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
 
     if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
+        return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); // LCOV_EXCL_LINE
 
     if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
     {
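Review bot: Marking the `mbedtls_calloc()` failure return with `LCOV_EXCL_LINE` here, and the identical return after the `encode_buf` allocation in the second hunk, removes the out-of-memory path from the coverage report. A later change that allocates something earlier in the function and forgets to release it on this return would then no longer show up as untested. Allocation-failure branches are where leaks and half-initialised state tend to hide, and they can usually be reached in tests by installing a failing allocator (for example through `mbedtls_platform_set_calloc_free()` when the build enables it), which seems preferable to excluding them. If the exclusion stays, I would record the reason in the marker and use a block comment, e.g. `return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); /* LCOV_EXCL_LINE: calloc failure, not exercised by the test suite */`, since `//` comments are rejected by C89-only builds. Both enclosing functions start and end outside the hunks, so whether anything needs freeing on these returns cannot be confirmed from here.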
@@ -408,7 +408,7 @@
     }
 
     if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
+        return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); // LCOV_EXCL_LINE
 
     if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
                                der_len ) ) != 0 )