Validate random and QR input bounds

[paulolokaux-sudo]

Summary

Adds explicit input validation for three operation edge cases so invalid numeric arguments return clear CyberChef operation messages instead of unhandled RangeErrors or silent empty output.

Fixes #2447.
Fixes #2448.
Fixes #2449.

Changes

• Validate Generate QR Code module size and margin before calling qr-image.
• Validate Pseudo-Random Number Generator byte count before allocating/generating bytes.
• Validate Pseudo-Random Integer Generator count before generating output.
• Add operation tests for the invalid input recipes from the linked issues.

Verification

• npx grunt configTests
• Targeted Chef checks for the issue reproduction recipes
• npm run lint
• npm test
  • Node API tests: 244/244 passing
  • Operation tests: 1940/1940 passing
• Browser verification via local npm start and Playwright MCP against the issue deep links
• npm run build

Note: npm run build completed successfully. During build, Webpack Bundle Analyzer printed existing ENOENT parsing warnings for worker bundle names while generating its report, then webpack compiled successfully and Grunt finished with Done.

[CLAassistant]

All committers have signed the CLA.

[GCHQDeveloper581]

Please could you add an AI Disclosure statement in the PR description.

The template added when manually creating a PR reads:

AI disclosure
If you have used any AI tools while creating this code, you must declare your usage along with the name of the tools that you used.
Regardless of AI tool usage, you are responsible for any code that you submit, and we expect you to have checked the code and have enough of an understanding of it to answer any questions we might have.

[GCHQDeveloper581]

Closing as 2 out of 3 issues have been fixed by the new automated validation framework (#2561) and the remaining one is better fixed by using that framework - and #2586 includes this fix.

However thanks for your contribution.

The creation of the validation framework was inspired by the realisation that multiple PRs of this nature would otherwise need to be created in order to address these types of issue.