Feature/verify key decoder defense#653

Open
godamongstmen897 wants to merge 3 commits into DXmakers:main from godamongstmen897:feature/verify-key-decoder-defense

Conversation

@godamongstmen897 (Contributor)

Summary

Closes #464. Implements defensive input validation and normalizing strategies inside the Web3 signature decoding routine to guarantee the backend rejects malformed raw bytes gracefully without panicking.

What Changed

  • Defensive Normalization: Patched decodeSignature inside backend/src/routes/auth.ts to automatically strip spaces and 0x prefixes, evaluating multi-format variations safely (hex, base64, base64url).
  • Invariant Enforcement: Added explicit buffer size-checking constraints to ensure decoded payloads align exactly with Ed25519 standard expectations (64 bytes) prior to signature parsing.
  • Exception Boundary: Encapsulated malformed decoding faults within structured exceptions, converting unhandled runtime errors into clean, standard HTTP 401 Unauthorized responses.
  • Verification Suites: Updated backend/test/run-tests.ts with explicit negative test vectors to verify that passing corrupted bytes triggers controlled rejections.

Testing & Validation

  • Verified type compatibility and build profiles locally using npm run build.
  • Validated negative assertions and bounds checks pass through structural mocks.

Closes #464
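As an added illustration of the decoder behaviour the description above lists (normalization, the 64-byte Ed25519 invariant, and the exception boundary), the following is example code, not the PR's own `decodeSignature` from `backend/src/routes/auth.ts`; the function and error names are assumptions.

```typescript
import { Buffer } from "node:buffer";

// Ed25519 signatures are always exactly 64 bytes.
export const ED25519_SIGNATURE_BYTES = 64;

// Structured error so the route can distinguish "bad input" from real faults.
export class SignatureDecodeError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "SignatureDecodeError";
  }
}

const HEX_RE = /^[0-9a-f]+$/i;
const B64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
const B64URL_RE = /^[A-Za-z0-9_-]+={0,2}$/;

// Strip all whitespace and an optional 0x prefix; reject non-strings and empties.
function normalize(raw: unknown): string {
  if (typeof raw !== "string") throw new SignatureDecodeError("signature must be a string");
  let s = raw.replace(/\s+/g, "");
  if (/^0x/i.test(s)) s = s.slice(2);
  if (s.length === 0) throw new SignatureDecodeError("empty signature");
  return s;
}

// Try hex, base64 and base64url; accept only a candidate that is exactly 64 bytes.
// The length invariant also disambiguates formats: 128 hex chars would decode to
// 96 bytes as base64, so only the intended encoding can pass.
export function decodeSignature(raw: unknown): Buffer {
  const s = normalize(raw);
  const candidates: Buffer[] = [];
  if (HEX_RE.test(s) && s.length % 2 === 0) candidates.push(Buffer.from(s, "hex"));
  if (B64_RE.test(s)) candidates.push(Buffer.from(s, "base64"));
  if (B64URL_RE.test(s)) candidates.push(Buffer.from(s, "base64url"));
  const sig = candidates.find((b) => b.length === ED25519_SIGNATURE_BYTES);
  if (!sig) throw new SignatureDecodeError("signature is not 64 bytes in hex/base64/base64url");
  return sig;
}

// Exception boundary (assumed response shape): decoding faults become a 401;
// anything else is a genuine bug and is allowed to propagate.
export function parseSignatureForAuth(raw: unknown): { status: number; signature?: Buffer } {
  try {
    return { status: 200, signature: decodeSignature(raw) };
  } catch (err) {
    if (err instanceof SignatureDecodeError) return { status: 401 };
    throw err;
  }
}
```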

Copilot AI review requested due to automatic review settings May 29, 2026 14:44
vercel Bot commented May 29, 2026

@godamongstmen897 is attempting to deploy a commit to the mAzI's projects Team on Vercel.

A member of the Team first needs to authorize it.

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@soomtochukwu soomtochukwu (Contributor) left a comment

  • If you could fix the merge conflict(s) ASAP
  • see that the CI checks pass

Development

Successfully merging this pull request may close these issues.

[BE-W3A-110] Web3 Signature Security and Auditing - Step 110