fix: Harden against integer underflow in JUMBF box parsers

[ak-singh]

Vulnerability

7 functions in sdk/src/jumbf/boxes.rs compute size - HEADER_SIZE on attacker-controlled size values without first validating size >= HEADER_SIZE. A 207-byte malformed JPEG with a JUMBF box declaring
size = 4 triggers attempt to subtract with overflow during JUMBF structural parsing.

Fix

Replace size - HEADER_SIZE with size.checked_sub(HEADER_SIZE).ok_or(InvalidBoxHeader)? at each of the 7 reported sites:

• read_json_box
• read_cbor_box
• read_padding_box
• read_jp2c_box
• read_brotli_box
• read_embedded_content_box
• read_super_box_impl unknown box handler

Tests

Added 7 regression tests covering all 7 fix paths.

Checklist

• This PR represents a single feature, fix, or change.
• All applicable changes have been documented.
• Any TO DO items have been entered as GitHub issues and the link has been included in a comment.