Orphan transactions were stored as a CDataStream pointer; this changes the mapOrphanTransactions data structures to store orphans as a CTransaction.
This also fixes CVE-2013-4627 by always re-serializing transactions before relaying them.
And I cleaned up the "tx" message-handling code a little (it was re-using 'inv' and 'tx' variables, which is error-prone and confusing).
Tested by running against the main network with max orphans set to eleven, to exercise the add/remove/map overflow code.