feat(xlang): add comprehensive read checks #3647

Merged
chaokunyang merged 10 commits into apache:main from chaokunyang:add_more_read_checks
May 6, 2026
chaokunyang (Collaborator) commented May 5, 2026

Why?

Deserializers should reject malformed or attacker-controlled payloads before they can drive invalid protocol state or oversized allocations. This PR hardens root header, metadata, size, and string reads across the xlang runtimes and updates the specs to match the validated wire format.

What does this PR do?

  • Standardizes the root header bitmap so xlang uses bit 0, out-of-band uses bit 1, and reserved bits are rejected.
  • Removes root-header null handling in favor of the normal root value encoding path.
  • Hardens TypeDef and TypeMeta parsing with 52-bit body hashes, reserved/compression flag validation, root kind validation, and stricter metadata cache/skip behavior.
  • Adds read-side guardrails for binary payloads, primitive arrays, collections/maps, strings, streams, varints, and trailing bytes across Java, C++, C#, Dart, Go, JavaScript, Python, Rust, and Swift.
  • Adds Java public configuration for max binary and collection allocation sizes, and enables Rust UTF-8 string read validation by default.
  • Expands focused malformed-payload tests and updates Java/xlang serialization specs to document the new header and metadata layouts.

Related issues

#1017

AI Contribution Checklist

  • Substantial AI assistance was used in this PR: yes / no
  • If yes, I included a completed AI Contribution Checklist in this PR description and the required AI Usage Disclosure.
  • If yes, my PR description includes the required ai_review summary and screenshot evidence of the final clean AI review results from both fresh reviewers on the current PR diff or current HEAD after the latest code changes.

Does this PR introduce any user-facing change?

  • Does this PR introduce any public API change?
  • Does this PR introduce any binary protocol compatibility change?

Benchmark

Not applicable; this PR adds deserialization validation and protocol tests rather than benchmark changes.

chaokunyang force-pushed the add_more_read_checks branch from a091fec to 4e5ca49 on May 5, 2026 15:57
chaokunyang force-pushed the add_more_read_checks branch from 0da491a to cc07187 on May 6, 2026 05:30
chaokunyang force-pushed the add_more_read_checks branch from cc07187 to 4f93359 on May 6, 2026 05:36
chaokunyang merged commit 380fae7 into apache:main on May 6, 2026
71 checks passed
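
An added illustration of the read-side checks listed in the PR description, not code from this PR or the project: a toy reader that rejects reserved root-header bits, overlong or truncated varints, declared lengths above a configured maximum or beyond the remaining bytes, and trailing bytes. The one-byte header, the header + varint length + body layout, and all names (`read_root_binary`, `max_binary_size`, `MalformedPayload`, `rejection_reason`) are assumptions; only the bit 0 / bit 1 assignment comes from the description.

```python
class MalformedPayload(ValueError):
    """Raised when a payload fails a read-side check."""

XLANG_FLAG = 0x01        # bit 0, per the PR description
OUT_OF_BAND_FLAG = 0x02  # bit 1, per the PR description
RESERVED_MASK = 0xFF & ~(XLANG_FLAG | OUT_OF_BAND_FLAG)  # assumption: one-byte bitmap

def read_varuint32(buf, pos):
    """Decode a base-128 varint of at most 5 bytes that fits in 32 bits."""
    value = 0
    for i in range(5):
        if pos >= len(buf):
            raise MalformedPayload("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            if value > 0xFFFFFFFF:
                raise MalformedPayload("varint overflows 32 bits")
            return value, pos
    raise MalformedPayload("varint longer than 5 bytes")

def read_root_binary(buf, max_binary_size=64):
    """Toy layout (constructed): header byte, varint length, body, nothing after."""
    if not buf:
        raise MalformedPayload("empty payload")
    header = buf[0]
    if header & RESERVED_MASK:
        raise MalformedPayload("reserved header bits set")
    length, pos = read_varuint32(buf, 1)
    # Validate the declared length before slicing or allocating anything.
    if length > max_binary_size:
        raise MalformedPayload("length exceeds configured maximum")
    if length > len(buf) - pos:
        raise MalformedPayload("length exceeds remaining bytes")
    if pos + length != len(buf):
        raise MalformedPayload("trailing bytes after root value")
    flags = {"xlang": bool(header & XLANG_FLAG), "out_of_band": bool(header & OUT_OF_BAND_FLAG)}
    return flags, bytes(buf[pos:pos + length])

def rejection_reason(buf, **limits):
    """Return the reason a payload is rejected, or None if it is accepted."""
    try:
        read_root_binary(buf, **limits)
    except MalformedPayload as exc:
        return str(exc)
    return None
```

The ordering matters: both length checks run before the slice, so a five-byte varint declaring a 4 GiB body is rejected without any allocation proportional to the declared size.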