cid: harden CID string parsing bounds

[uink45]

Summary

• add bounded string-length scanning in CID text decode paths to avoid unbounded strlen() reads
• add explicit CIDV1_MAX_STRING_LENGTH contract and enforce it in cid_v1_from_string()
• extend CIDv0/CIDv1 tests for oversized and unterminated string inputs

Validation

• cmake --build --preset macos-full --target cid_v0 cid_v1 test_cid_v0 test_cid_v1
• ctest --preset macos-full -R '^(Testcid_v0|Testcid_v1)$' --output-on-failure
• ctest --preset macos-full -R '^(Testmultibase|Testcid_v0|Testcid_v1)$' --output-on-failure
• clang-format --style=file --dry-run --Werror include/multiformats/cid/cid_v1.h src/multiformats/cid/cid_v0.c src/multiformats/cid/cid_v1.c tests/multiformats/cid/test_cid_v0.c tests/multiformats/cid/test_cid_v1.c
• cppcheck --error-exitcode=1 --std=c99 --enable=warning,portability --quiet --suppress=missingIncludeSystem src/multiformats include/multiformats tests/multiformats src/peer_id include/peer_id tests/peer_id
• cppcheck --std=c99 --enable=all --check-level=exhaustive --quiet --suppress=missingIncludeSystem --suppress=':tests/' --addon=/opt/homebrew/share/cppcheck/addons/misra.py -I include src/multiformats/cid include/multiformats/cid tests/multiformats/cid