
LimitedReader silently truncates instead of erroring on oversized files #616

@aider4ryder

Summary

LimitedReader (introduced in commits 8e5145f and e3cf83d) limits recipient/identity files to 16 MiB and SSH keys to 16 KiB. However, when the limit is exceeded, LimitedReader::read returns Ok(0) (equivalent to normal EOF) instead of an error.

Problem

This means oversized files are silently truncated rather than rejected:

  • A recipient file with valid recipients at the beginning and more recipients past the 16 MiB limit will succeed, but only encrypt to the recipients within the limit. Tail recipients are silently ignored.
  • Invalid/malicious data appended after the limit boundary is never validated.
  • This contradicts the changelog/API documentation semantics of "at most 16 MiB / 16 KiB" — users expect a hard rejection, not silent partial processing.

Impact

  • Data availability: Users may believe a file was encrypted for all listed recipients, but tail recipients were silently dropped.
  • Input validation gap: Post-limit content is never checked, weakening the security boundary these limits were meant to enforce.

Suggested Fix

After LimitedReader exhausts its byte budget, probe the underlying reader for additional data. If any exists, return io::ErrorKind::InvalidData (or a dedicated size-limit error) instead of Ok(0).

Consider adding tests with "valid prefix + oversized tail" inputs to assert error behavior.

Affected Code

  • age/src/util.rs — LimitedReader implementation
  • age/src/cli_common/recipients.rs — read_recipients_list
  • age/src/identity.rs — IdentityFile::parse_identities
  • age/src/cli_common/identities.rs — SSH identity parsing
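An added illustration of the strict behaviour the suggested fix describes (example code, not from the age crate): a bounded `Read` wrapper that, once its byte budget is spent, probes the inner reader and returns `io::ErrorKind::InvalidData` if any byte follows, together with a constructed recipients-list loader that shows the "valid prefix + oversized tail" case being rejected rather than truncated. `StrictLimitedReader`, `read_recipients` and the sample recipient lines are assumed names and constructed data.

```rust
use std::io::{self, Read};

/// Assumed re-implementation for illustration: a bounded reader that rejects,
/// rather than silently truncates, input longer than its byte budget.
pub struct StrictLimitedReader<R: Read> {
    inner: R,
    remaining: usize,
}

impl<R: Read> StrictLimitedReader<R> {
    pub fn new(inner: R, limit: usize) -> Self {
        Self { inner, remaining: limit }
    }
}

impl<R: Read> Read for StrictLimitedReader<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        if self.remaining == 0 {
            // Budget exhausted: probe the underlying reader for one more byte.
            // Genuine EOF -> Ok(0); anything else -> hard rejection instead of
            // the silent "Ok(0)" the issue describes.
            let mut probe = [0u8; 1];
            return match self.inner.read(&mut probe)? {
                0 => Ok(0),
                _ => Err(io::Error::new(
                    io::ErrorKind::InvalidData,
                    "input exceeds size limit",
                )),
            };
        }
        let max = buf.len().min(self.remaining);
        let n = self.inner.read(&mut buf[..max])?;
        self.remaining -= n;
        Ok(n)
    }
}

/// Constructed loader: reads a recipients list of at most `limit` bytes and
/// returns its non-empty lines. An oversized file yields an error, so a
/// caller can never end up encrypting to only the recipients within the limit.
pub fn read_recipients(input: &[u8], limit: usize) -> io::Result<Vec<String>> {
    let mut data = String::new();
    StrictLimitedReader::new(input, limit).read_to_string(&mut data)?;
    Ok(data
        .lines()
        .filter(|l| !l.trim().is_empty())
        .map(str::to_string)
        .collect())
}
```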
