PPM decoder accepts truncated pixel data and violates the core Image invariant #563

@hourianto

A malformed PPM can declare large width and height but provide too little pixel data. The decoder replaces `result.data` with a shorter sequence without checking that `data.len == width * height`, producing an inconsistent Image and creating downstream memory-safety risk in release builds.

```nim
# Run: nim r --path:src pocs/ppm_truncated_invariant_break.nim
import pixie

# The header declares a 10x10 image, but only 3 bytes of raster data follow.
let payload = "P6\n10 10\n255\n" & "\x12\x34\x56"
let image = decodeImage(payload)

echo "decoded width: ", image.width
echo "decoded height: ", image.height
echo "decoded pixels: ", image.data.len
echo "expected pixels: ", image.width * image.height

# Exit non-zero when the invariant holds, i.e. the issue did not reproduce.
if image.data.len == image.width * image.height:
  quit("PoC did not reproduce the invariant break", 1)
```
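
One way to enforce the length check described in this issue before any pixel buffer is built, as an added example that is not part of the original report and is not pixie's code. `PpmError`, `readToken`, `readNumber`, `checkedPixelCount` and the 16384 dimension cap are hypothetical names and limits chosen for the illustration.

```nim
# Added example (hypothetical helper, not pixie's decoder): validate a binary
# PPM (P6) payload so that a raster shorter than the header claims is rejected.
import std/strutils

type PpmError* = object of ValueError

const maxDim = 16384  # assumed cap; keeps width * height * 6 below 2^31

proc readToken(s: string, pos: var int): string =
  ## Skips whitespace and '#' comments, then returns the next header token.
  while pos < s.len:
    if s[pos] in Whitespace: inc pos
    elif s[pos] == '#':
      while pos < s.len and s[pos] notin Newlines: inc pos
    else: break
  let start = pos
  while pos < s.len and s[pos] notin Whitespace: inc pos
  result = s[start ..< pos]

proc readNumber(s: string, pos: var int, upper: int): int =
  ## Parses a decimal header field and bounds it to 1..upper.
  let tok = readToken(s, pos)
  if tok.len == 0 or tok.len > 9 or not tok.allCharsInSet(Digits):
    raise newException(PpmError, "bad header number")
  result = parseInt(tok)
  if result < 1 or result > upper:
    raise newException(PpmError, "header number out of range")

proc checkedPixelCount*(payload: string): int =
  ## Returns width * height only when the raster really holds that many pixels.
  var pos = 0
  if readToken(payload, pos) != "P6":
    raise newException(PpmError, "not a P6 file")
  let width = readNumber(payload, pos, maxDim)
  let height = readNumber(payload, pos, maxDim)
  let maxVal = readNumber(payload, pos, 65535)
  if pos >= payload.len or payload[pos] notin Whitespace:
    raise newException(PpmError, "missing separator before raster")
  inc pos  # exactly one whitespace byte precedes the raster
  # 3 samples per pixel; samples are 2 bytes wide when maxVal exceeds 255.
  let needed = width * height * (if maxVal < 256: 3 else: 6)
  if payload.len - pos < needed:
    raise newException(PpmError, "truncated raster: need " & $needed &
      " bytes, have " & $(payload.len - pos))
  result = width * height

when isMainModule:
  # Constructed inputs: a complete 2x1 image, then the issue's 3-byte raster.
  doAssert checkedPixelCount("P6\n2 1\n255\n\x01\x02\x03\x04\x05\x06") == 2
  try:
    discard checkedPixelCount("P6\n10 10\n255\n" & "\x12\x34\x56")
    doAssert false, "truncated payload was accepted"
  except PpmError as e:
    echo "rejected: ", e.msg
```

A decoder that calls a check like this first can allocate and fill exactly `width * height` pixels, so `data.len` cannot drift from the declared dimensions.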
