Conversation

@jkyberneees
Contributor

Key changes (short)

  • Hardened decapsulation to always return a 32‑byte implicit‑reject secret on any validation error (no throws / oracle leaks).
  • Wrapped parsing/decryption/proof verification in safe try/catch paths; replaced raw ciphertext byte compare with fixed-length (SHA3‑256) hash compare.
  • Added publicKey/secretKey consistency check (verify sha3_256(serializePublicKey(pk)) === secretKey.publicKeyHash) during decapsulation.
  • Added strict bounds/format checks and component size caps to deserializers (SLSS/TDD/EGRW, signature), preventing out-of-bounds and trivial large‑allocation DoS.
  • Increased per-component MAX_PART cap (1MB → 8MB) to support MOS‑256 key sizes (MOS‑256 SLSS component ≈ 3MB).
  • Added isNativeShake256Available() and README guidance warning about SHAKE256 fallback (counter-mode SHA3 fallback is not a standard XOF).
  • Added unit tests for malformed / tampered ciphertext handling: kem-malformed.test.ts (proof tamper, truncated ciphertext, malformed fragment lengths, publicKey mismatch).
  • Updated SECURITY_REPORT.md (added VULN‑014 entry) and README note for SHAKE/XOF.
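
The decapsulation hardening listed above (fixed 32-byte implicit-reject secret on every failure path, sha3_256 public-key/secret-key consistency check, fixed-length hash compare instead of raw ciphertext compare, no throws), shown as an added example that is not the project's code. The KEM underneath is a toy stand-in with no security properties; the names keygen/encapsulate/decapsulate, the 64-byte ciphertext layout and the rejection key z are assumptions made for the illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// SHA3-256 over the concatenation of its inputs (the hash used for all compares here).
const H = (...parts: Buffer[]): Buffer => createHash("sha3-256").update(Buffer.concat(parts)).digest();
const xor = (a: Buffer, b: Buffer): Buffer => Buffer.from(a.map((x, i) => x ^ b[i]));

export interface PublicKey { pk: Buffer }
// z is the implicit-rejection key; publicKeyHash binds the secret key to its public key.
export interface SecretKey { s: Buffer; z: Buffer; publicKeyHash: Buffer }
export const serializePublicKey = (pub: PublicKey): Buffer => pub.pk;

export function keygen(): { pub: PublicKey; sec: SecretKey } {
  const s = randomBytes(32);
  const pub = { pk: H(Buffer.from("pk"), s) }; // toy: pk is just a hash of s (assumption, not secure)
  return { pub, sec: { s, z: randomBytes(32), publicKeyHash: H(serializePublicKey(pub)) } };
}

// Toy deterministic "encryption": ct = coins || (m XOR H("enc", pk, coins)). Structure only.
function encrypt(pub: PublicKey, m: Buffer, coins: Buffer): Buffer {
  return Buffer.concat([coins, xor(m, H(Buffer.from("enc"), pub.pk, coins))]);
}

export function encapsulate(pub: PublicKey): { ct: Buffer; ss: Buffer } {
  const m = randomBytes(32);
  const ct = encrypt(pub, m, H(Buffer.from("coins"), m, H(serializePublicKey(pub))));
  return { ct, ss: H(Buffer.from("ss"), m, H(ct)) };
}

// Hardened decapsulation: every validation failure returns the same 32-byte
// implicit-reject secret derived from z and the ciphertext, and nothing is thrown.
export function decapsulate(sec: SecretKey, pub: PublicKey, ct: Buffer): Buffer {
  const reject = H(Buffer.from("reject"), sec.z, H(ct));
  try {
    // publicKey/secretKey consistency: sha3_256(serializePublicKey(pk)) must equal publicKeyHash.
    const pkHash = H(serializePublicKey(pub));
    if (!timingSafeEqual(pkHash, sec.publicKeyHash)) return reject; // length mismatch throws -> catch
    if (ct.length !== 64) return reject; // strict length check before any slicing
    const coins = ct.subarray(0, 32);
    const m = xor(ct.subarray(32), H(Buffer.from("enc"), H(Buffer.from("pk"), sec.s), coins));
    // Re-encrypt deterministically and compare fixed-length hashes, not raw ciphertext bytes.
    const ct2 = encrypt(pub, m, H(Buffer.from("coins"), m, pkHash));
    if (!timingSafeEqual(H(ct2), H(ct))) return reject;
    return H(Buffer.from("ss"), m, H(ct));
  } catch {
    return reject; // parse/decrypt errors collapse to implicit rejection instead of an oracle
  }
}
```

A caller cannot tell a tampered proof, a truncated ciphertext or a mismatched public key apart from each other: all three yield a 32-byte secret that is stable for the same inputs and unrelated to the real shared secret.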

@jkyberneees jkyberneees merged commit 40a1301 into main Dec 31, 2025
7 checks passed
@jkyberneees jkyberneees deleted the security-review-2 branch December 31, 2025 11:28