idl-spec: avoid panic on malformed array types (DoS fix)

[yukikm]

Fixes a panic in anchor-lang-idl-spec when parsing malformed array type strings (e.g. "[u8 32]").

• Replaces unwrap() with Result propagation + structured errors
• Adds regression tests

Write-up: https://github.com/yukikm/superteam-solana-audit-writeups/blob/main/anchor-idl-array-no-panic.md

[vercel]

Someone is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

[Copilot]

Pull request overview

This PR fixes a Denial of Service (DoS) vulnerability in the anchor-lang-idl-spec parser by replacing panic-inducing unwrap() calls with proper error handling when parsing malformed array type strings.

Changes:

• Converts array_from_str function to return Result<IdlType, anyhow::Error> instead of IdlType
• Replaces .rsplit_once(';').unwrap() with proper error handling via ok_or_else
• Replaces IdlType::from_str(raw_type).unwrap() with map_err for contextual error messages
• Adds two regression tests covering the fixed panic scenarios

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[yukikm]

Note: the failing status is from Vercel preview ("Authorization required to deploy") which is expected for fork PRs. This change is limited to idl/spec panic-hardening + tests; cd idl/spec && cargo test passes locally.

[jamie-osec]

As with other PRs, conflicts with #4247, so I'm closing.
Please don't blindly use AI to spam our PR queue.