Validate random and QR input bounds #2480

Open
paulolokaux-sudo wants to merge 1 commit into gchq:master from paulolokaux-sudo:fix-invalid-random-qr-inputs

@paulolokaux-sudo

Summary

Adds explicit input validation for three operation edge cases so invalid numeric arguments return clear CyberChef operation messages instead of unhandled RangeErrors or silent empty output.

Fixes #2447.
Fixes #2448.
Fixes #2449.

Changes

  • Validate Generate QR Code module size and margin before calling qr-image.
  • Validate Pseudo-Random Number Generator byte count before allocating/generating bytes.
  • Validate Pseudo-Random Integer Generator count before generating output.
  • Add operation tests for the invalid input recipes from the linked issues.

Verification

  • npx grunt configTests
  • Targeted Chef checks for the issue reproduction recipes
  • npm run lint
  • npm test
    • Node API tests: 244/244 passing
    • Operation tests: 1940/1940 passing
  • Browser verification via local npm start and Playwright MCP against the issue deep links
  • npm run build

Note: npm run build completed successfully. During build, Webpack Bundle Analyzer printed existing ENOENT parsing warnings for worker bundle names while generating its report, then webpack compiled successfully and Grunt finished with Done.
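
The two failure modes named in the summary above (an unhandled RangeError versus silent empty output), shown on a plain typed-array allocation. This is an added example, not code from this PR or from CyberChef; `InputError`, `MAX_BYTES`, the minimum of 1 and all function names are assumptions for illustration.

```javascript
// Added example; names and limits are assumptions, not CyberChef's code.

// Hypothetical stand-in for an operation-level error shown to the user.
class InputError extends Error {}

// Assumed bound for the demo; the PR text does not state the real limit.
const MAX_BYTES = 1 << 20;

// What an unvalidated allocation does with each kind of bad count.
function probeUnvalidated(count) {
    try {
        return `length ${new Uint8Array(count).length}`;
    } catch (err) {
        return err.name; // would surface as an unhandled error in a real caller
    }
}

// Reject anything that is not an integer in [min, max] before it reaches an allocator.
function requireIntInRange(name, value, min, max) {
    if (typeof value !== "number" || !Number.isInteger(value)) {
        throw new InputError(`${name} must be an integer, got ${String(value)}`);
    }
    if (value < min || value > max) {
        throw new InputError(`${name} must be between ${min} and ${max}, got ${value}`);
    }
    return value;
}

// Validated allocation: a bad count becomes a clear message, not a RangeError or empty output.
function allocateChecked(count) {
    return new Uint8Array(requireIntInRange("Number of bytes", count, 1, MAX_BYTES));
}

// Constructed sample inputs covering each failure mode, plus one valid count.
function runDemo() {
    return [-1, NaN, 2.5, Infinity, 2 ** 53, 16].map((count) => {
        let checked;
        try {
            checked = `length ${allocateChecked(count).length}`;
        } catch (err) {
            checked = err instanceof InputError ? `rejected: ${err.message}` : `unexpected ${err.name}`;
        }
        return { count, unvalidated: probeUnvalidated(count), checked };
    });
}

console.table(runDemo());
```

Without the check, `NaN` yields a zero-length buffer and `2.5` is truncated to 2, so only the negative and oversized counts fail loudly.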

@CLAassistant

CLAassistant commented May 31, 2026

CLA assistant check
All committers have signed the CLA.

@GCHQDeveloper581

Contributor

Please could you add an AI Disclosure statement in the PR description.

The template added when manually creating a PR reads:

AI disclosure
If you have used any AI tools while creating this code, you must declare your usage along with the name of the tools that you used.
Regardless of AI tool usage, you are responsible for any code that you submit, and we expect you to have checked the code and have enough of an understanding of it to answer any questions we might have.
