Validate string weight byte lengths during decoding

[dfgvaetyj3456356-hash]

This adds explicit validation for string tensor weight payloads while decoding TFJS weights.

Previously, the ArrayBuffer decode path could accept a malformed string weight whose length prefix declared more bytes than were actually present. ArrayBuffer slicing caps to the available bytes, so a truncated payload could be decoded as a shorter string instead of being rejected. The streaming path already failed on this class of malformed input; this change makes both paths reject incomplete string length prefixes or string payload bytes with a clear error.

Changes:

• Validate string length prefixes are complete before reading them.
• Validate each declared string payload has the exact number of bytes present.
• Add a decodeWeights regression for a truncated string tensor payload.

Validation:

• git diff --check
• Manual Node reproduction of the malformed string payload now rejects with: Invalid string tensor x: expected 10 bytes for string 0, found 1.

I also attempted the targeted Bazel test from a no-space Windows worktree. Bazel analysis started, but the Windows TypeScript worker failed before compiling tests because the generated shell wrapper under the Bazel execroot was missing (external/npm/@bazel/concatjs/bin/tsc_wrapped.sh). A direct TypeScript check was also blocked by missing repo dev dependencies/types in this fresh clone.