The CHECK_IS_BINARY_UPGRADE macro is not sufficient security protection
if we're going to dereference pass-by-reference arguments before it.

But in any case we really need to explicitly check PG_ARGISNULL for all
the arguments of a non-strict function, not only the ones we expect null
values for.

Oversight in commits 30982be4 and
f92fc4c9.  Found by Andreas Seltenreich.
(The other usages in pg_upgrade_support.c seem safe.)