fuzz: add initial fuzzing harness to flux-security using AFL++ and fix detected issues

.typos.toml

@@ -3,6 +3,7 @@ extend-exclude = [
   "config/*",
   "src/libtomlc99/*",
   "src/libtap/*",
+  "src/libutil/test/tomltk.c",
   "src/common/libutil/strlcpy*",
   "t/sharness.sh",
   "t/t0000-sharness.t"

FUZZING.md

@@ -0,0 +1,30 @@
+# Fuzzing flux-security
+
+Complete fuzzing documentation is available in [src/fuzz/README.md](src/fuzz/README.md).
+
+## Quick Start
+
+```bash
+# Install AFL++
+git clone https://github.com/AFLplusplus/AFLplusplus
+cd AFLplusplus && make && sudo make install
+
+# Build and fuzz
+cd flux-security
+CC=afl-clang-fast ./configure --enable-fuzzing
+make
+./scripts/fuzz.py start  # Auto-generates corpus if missing
+
+# Monitor progress
+./scripts/fuzz.py watch
+
+# Triage crashes
+./scripts/fuzz.py triage
+```
+
+See [src/fuzz/README.md](src/fuzz/README.md) for:
+- Detailed harness descriptions
+- Coverage expectations
+- Crash triage workflow
+- Integration with CI/CD
+- ClusterFuzzLite and OSS-Fuzz setup

configure.ac

@@ -63,6 +63,21 @@ AC_DEFINE([SANITIZERS_ENABLED], 1,
 [AC_MSG_RESULT(no)])
 AM_CONDITIONAL([SANITIZERS_ENABLED], [test "x$enable_sanitizers" != "xno" ])
 
+#
+#  If --enable-fuzzing, check that AFL compiler is being used
+#
+AC_MSG_CHECKING([whether to enable AFL fuzzing harnesses])
+AC_ARG_ENABLE([fuzzing],
+              AS_HELP_STRING([--enable-fuzzing], [Build AFL fuzzing harnesses]),
+[
+AC_MSG_RESULT($enableval)
+AS_CASE([$CC],
+        [*afl-clang-fast*|*afl-gcc*|*afl-clang*], [],
+        [AC_MSG_ERROR([--enable-fuzzing requires CC to be an AFL compiler (afl-clang-fast, afl-gcc, etc.)])])
+],
+[AC_MSG_RESULT(no)])
+AM_CONDITIONAL([ENABLE_FUZZING], [test "x$enable_fuzzing" = "xyes"])
+
 AC_CHECK_LIB(m, floor)
 
 #
@@ -182,6 +197,7 @@ AC_CONFIG_FILES( \
   src/libutil/Makefile \
   src/libca/Makefile \
   src/imp/Makefile \
+  src/fuzz/Makefile \
   doc/Makefile \
   doc/test/Makefile \
   etc/Makefile \