guava: add BloomFilterReadFromFuzzer for deserialization coverage

[swornim619]

This PR adds a new fuzz target that exercises the BloomFilter.readFrom()
deserialization path, which was not previously covered by any existing
OSS-Fuzz fuzz target for the guava project.

What this covers

BloomFilter.readFrom() parses a binary serialized format:

• byte strategyOrdinal
• byte numHashFunctions
• int dataLength
• long[dataLength] data

This deserialization path was not covered by existing guava fuzz targets.

Fuzzer behavior

The fuzzer feeds arbitrary byte sequences into BloomFilter.readFrom()
via ByteArrayInputStream and calls mightContain() on successfully
deserialized filters. OutOfMemoryError conditions are reported as
FuzzerSecurityIssueCritical findings with diagnostic metadata including
dataLength, requested allocation size, and amplification factor.

Testing

Verified locally:

python3 infra/helper.py build_image guava
python3 infra/helper.py build_fuzzers --sanitizer address guava
python3 infra/helper.py run_fuzzer guava BloomFilterReadFromFuzzer
python3 infra/helper.py reproduce guava BloomFilterReadFromFuzzer

Fuzzer successfully identifies out-of-memory conditions triggered by
crafted serialized input.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[github-actions]

swornim619 is a new contributor to projects/guava. The PR must be approved by known contributors before it can be merged. The past contributors are: hunsche, cpovirk, Marcono1234, henryrneh, fmeum, aschaich, onionpsy