Guard base64 data URL image decoding against unbounded memory allocation (#10)

* Initial plan

* Add pre/post-decode size guards for data URL base64 images

Co-authored-by: jacobjmc <111402762+jacobjmc@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jacobjmc <111402762+jacobjmc@users.noreply.github.com>

Author: Copilot

src-tauri/src/shared/codex_core.rs

@@ -1129,9 +1129,16 @@ fn persist_data_image_to_temp_file(data_url: &str) -> Option<String> {
     if !metadata.starts_with("image/") {
         return None;
     }
+    let estimated_len = encoded.len().saturating_mul(3) / 4;
+    if estimated_len > URL_IMAGE_MAX_BYTES {
+        return None;
+    }
     let bytes = base64::engine::general_purpose::STANDARD
         .decode(encoded)
         .ok()?;
+    if bytes.len() > URL_IMAGE_MAX_BYTES {
+        return None;
+    }
 
     let mut hasher = DefaultHasher::new();
     metadata.hash(&mut hasher);