
Commit 55cd808

Fix null deref of tok1->tokAt(-1) in usingMatch
`Token::tokAt(int)` may legitimately return nullptr (e.g. when `tok1` sits at the very start of the token stream after earlier simplifications and has no previous token), but the eType/eName check at tokenize.cpp:2725 calls `->tokType()` on it unconditionally and crashes (SIGSEGV, fault address 0x50 == offset of Token::mTokType). All sibling branches in the same function already null-check the previous token through Token::Match(tok1->previous(), ...) which handles nullptr internally — this one was simply overlooked.

Pull the previous token into a local and guard against nullptr; preserves existing behaviour when the previous token does exist.

Reproducible deterministically on certain `using` patterns in real C++ projects (cppcheck 2.20.0 .. current main HEAD).

Backtrace:
#0 Token::tokType (this=0x0) at lib/token.h:391
#1 (anonymous namespace)::usingMatch at lib/tokenize.cpp:2725
#2 Tokenizer::simplifyUsing at lib/tokenize.cpp:3201
#3 Tokenizer::simplifyTokenList1
#4 Tokenizer::simplifyTokens1
#5 CppCheck::checkInternal
1 parent bc04c0d commit 55cd808
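To make the failure mode concrete, here is an added example that is not cppcheck's code: a minimal stand-in Token chain whose `tokAt(int)` returns nullptr when it walks off the head of the stream (the behaviour the commit message attributes to `Token::tokAt`), with the pre-fix check and the fixed check side by side. The struct layout, the enum values, the `makeStream` builder, the `matchKeyword` stand-in for `Token::Match` and the sample token streams are all assumptions made for this illustration, not copies of lib/token.h.

```cpp
// Added example, not cppcheck's code.  Models the null-dereference fixed in
// this commit with a tiny doubly linked token chain.  Layout, enum names and
// helpers are assumptions for illustration only.
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Token {
    enum Type { eName, eType, eKeyword, eOther };
    std::string str;
    Type type = eOther;
    Token *prev = nullptr;
    Token *next = nullptr;

    // Assumed to mirror Token::tokAt(int): walk |n| links backwards or forwards
    // and return nullptr if the chain ends before the steps are used up.
    const Token *tokAt(int n) const {
        const Token *t = this;
        for (; n < 0 && t; ++n) t = t->prev;
        for (; n > 0 && t; --n) t = t->next;
        return t;
    }
    Type tokType() const { return type; }
};

// Stand-in for the property of Token::Match the commit message relies on:
// a nullptr first argument never matches, so callers need no extra check.
bool matchKeyword(const Token *tok, const std::vector<std::string> &words) {
    if (!tok) return false;
    for (const auto &w : words)
        if (tok->str == w) return true;
    return false;
}

// Pre-fix shape of the check: tokAt(-1) is dereferenced unconditionally.
// Calling this on the first token of a stream is a null-pointer dereference,
// which is exactly the crash in the backtrace above.  Kept only for comparison.
bool prevIsTypeOrNameUnguarded(const Token *tok1) {
    return tok1->tokAt(-1)->tokType() == Token::eType ||
           tok1->tokAt(-1)->tokType() == Token::eName;
}

// Fixed shape of the check: fetch the previous token once and test it for null.
bool prevIsTypeOrNameGuarded(const Token *tok1) {
    const Token *prev1 = tok1->tokAt(-1);
    return prev1 && (prev1->tokType() == Token::eType ||
                     prev1->tokType() == Token::eName);
}

// Build a doubly linked stream from (text, type) pairs; the vector owns the nodes.
std::vector<std::unique_ptr<Token>>
makeStream(const std::vector<std::pair<std::string, Token::Type>> &toks) {
    std::vector<std::unique_ptr<Token>> out;
    for (const auto &p : toks) {
        auto t = std::make_unique<Token>();
        t->str = p.first;
        t->type = p.second;
        if (!out.empty()) {
            t->prev = out.back().get();
            out.back()->next = t.get();
        }
        out.push_back(std::move(t));
    }
    return out;
}

// Constructed input: "using T = int ;" at the very head of the stream, so the
// `using` token has no previous token.  The guarded check returns false
// instead of faulting.
bool guardedCheckAtStreamHead() {
    auto s = makeStream({{"using", Token::eKeyword}, {"T", Token::eName},
                         {"=", Token::eOther}, {"int", Token::eType},
                         {";", Token::eOther}});
    return prevIsTypeOrNameGuarded(s.front().get());
}

// Constructed input: "int x ;" where x is preceded by a type token.
bool guardedCheckAfterType() {
    auto s = makeStream({{"int", Token::eType}, {"x", Token::eName},
                         {";", Token::eOther}});
    return prevIsTypeOrNameGuarded(s[1].get());
}

// When a previous token does exist, the guarded and unguarded checks agree,
// which is the "preserves existing behaviour" claim of the commit message.
bool guardedAndUnguardedAgreeWhenPrevExists() {
    auto s = makeStream({{"int", Token::eType}, {"x", Token::eName},
                         {";", Token::eOther}});
    return prevIsTypeOrNameGuarded(s[1].get()) == prevIsTypeOrNameUnguarded(s[1].get()) &&
           prevIsTypeOrNameGuarded(s[2].get()) == prevIsTypeOrNameUnguarded(s[2].get());
}

// The Match-style helper tolerates the null previous token at the stream head.
bool matchAtStreamHead() {
    auto s = makeStream({{"using", Token::eKeyword}, {"T", Token::eName}});
    return matchKeyword(s.front()->tokAt(-1), {"class", "struct", "union"});
}
```

The unguarded variant is never called on the stream head here; doing so would fault at the offset of the `type` field of a null object, the same diagnosis the commit message draws from the fault address 0x50 for the real `Token::mTokType`.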

1 file changed

Lines changed: 5 additions & 2 deletions

lib/tokenize.cpp

@@ -2722,8 +2722,11 @@ namespace {
27222722
return false;
27232723
}
27242724

2725-
if (tok1->tokAt(-1)->tokType() == Token::eType || tok1->tokAt(-1)->tokType() == Token::eName)
2726-
return false;
2725+
{
2726+
const Token *prev1 = tok1->tokAt(-1);
2727+
if (prev1 && (prev1->tokType() == Token::eType || prev1->tokType() == Token::eName))
2728+
return false;
2729+
}
27272730

27282731
if (Token::Match(tok1->tokAt(-1), "class|struct|union|enum|namespace")) {
27292732
// fixme
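Review bot: the extra `{ ... }` block around lines 2725-2729 exists only to scope `prev1`, yet the very next statement at line 2731 evaluates `tok1->tokAt(-1)` a second time. Hoist `const Token *prev1 = tok1->tokAt(-1);` out of the braces and pass `prev1` to the `Token::Match(...)` call below, which the commit message says already tolerates nullptr; that removes the redundant lookup and the block. Separately, the commit message notes the sibling branches go through `tok1->previous()`, so using `previous()` here instead of `tokAt(-1)` would keep the function uniform.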
