
fix: add API body size limits and memory content validation #123

Merged
jamiepine merged 2 commits into spacedriveapp:main from PyRo1121:fix/input-validation-hardening
Feb 22, 2026

Conversation

@PyRo1121
Contributor

Summary

Add missing input validation to prevent resource exhaustion via unbounded request bodies and oversized memory content.

Changes

src/api/server.rs — API body size limit (M9)

Added DefaultBodyLimit::max(10 * 1024 * 1024) (10MB) as a layer on the API router.

Before: No body size limit — the multipart upload endpoint (/api/agents/ingest/upload) and other POST endpoints could accept arbitrarily large request bodies, risking memory exhaustion.

After: All API endpoints are capped at 10MB. This covers:

  • JSON payloads (Json extractor — previously had axum's 2MB default, now explicitly set)
  • Multipart file uploads (Multipart extractor — previously unlimited)
  • Raw body reads

10MB is generous enough for file ingestion while preventing abuse.

src/tools/memory_save.rs — Memory content validation (M5)

Added three validation checks to the memory_save tool:

Check              | Limit              | Rationale
Content emptiness  | Must not be empty  | Prevents no-op memories polluting the graph
Content size       | 50,000 bytes max   | Prevents oversized memories from bloating SQLite, LanceDB embeddings, and context windows during recall
Importance range   | 0.0–1.0            | Schema declares this range but it wasn't enforced at runtime

Before: The LLM could save arbitrarily large content as a memory — a single 10MB memory would generate a massive embedding, bloat the vector index, and pollute any recall that retrieved it.

After: Content capped at 50KB (consistent with the existing MAX_TOOL_OUTPUT_BYTES limit used for tool output truncation). Importance validated at runtime, not just in the JSON schema.

What's NOT in this PR

These items were investigated and found to already be handled or to require maintainer design input:

Finding                        | Status            | Notes
M7 (Cron validation)           | ✅ Already exists  | MIN_CRON_INTERVAL_SECS=60, MAX_CRON_PROMPT_LENGTH=10000, ID format validation
M8 (Concurrent limits)         | ✅ Already exists  | Per-channel worker/branch limits with check_worker_limit(), configurable via ArcSwap
H11 (MCP output sanitization)  | ✅ Already covered | SpacebotHook.on_tool_result() scans ALL tool outputs (including MCP) for leaked secrets
H6 (SSE auth)                  | ✅ Already covered | All SSE endpoints behind api_auth_middleware
M2 (KDF hardening)             | ⏳ Needs design    | SHA-256→HKDF/PBKDF2 would break existing encrypted secrets; requires migration strategy
M1 (Rate limiting)             | ⏳ Needs design    | Requires new dependency + per-endpoint policy decisions
M4 (Worker resource guards)    | ⏳ Needs design    | Wall-clock timeouts, global limits — architectural decision
M6 (Audit logging)             | ⏳ Needs design    | Schema for security events, storage location
H14 (Memory delete auth)       | ⏳ Needs design    | Ownership model — branches are trusted by design

Testing

  • Both files pass rust-analyzer diagnostics with zero errors
  • No functional behavior change for normal operation — only rejects oversized/invalid inputs
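
Added example (not code from this PR or from the spacebot repository): the two validation ideas described above, the memory_save checks and a body-size cap, reduced to std-only Rust so it runs stand-alone without axum. The names MemorySaveInput, validate_memory_save, read_body_capped, ValidationError and BodyError are assumptions; the two constants mirror the PR's 50,000-byte and 10MB figures. It shows two things the description does not spell out: the content cap counts UTF-8 bytes, not characters (a 25,001-character string of two-byte characters is over the limit), and the importance check must reject NaN, which a naive `x < 0.0 || x > 1.0` test lets through. Rejecting whitespace-only content by trimming first is this example's design choice, not something the PR states.

```rust
use std::io::{self, Read};

/// Maximum accepted memory content, in bytes (the PR's 50,000-byte cap).
pub const MAX_MEMORY_CONTENT_BYTES: usize = 50_000;
/// Maximum accepted request body, in bytes (the PR's 10MB DefaultBodyLimit).
pub const MAX_BODY_BYTES: usize = 10 * 1024 * 1024;

#[derive(Debug, PartialEq)]
pub enum ValidationError {
    EmptyContent,
    ContentTooLarge { bytes: usize, max: usize },
    ImportanceOutOfRange(f32),
}

/// Hypothetical stand-in for the memory_save tool's input (assumed shape, not the project's).
pub struct MemorySaveInput<'a> {
    pub content: &'a str,
    pub importance: f32,
}

/// Runtime checks for a memory_save request: non-empty, bounded in bytes, importance in 0.0..=1.0.
pub fn validate_memory_save(input: &MemorySaveInput) -> Result<(), ValidationError> {
    // Whitespace-only content is as useless as empty content, so trim before the emptiness check.
    if input.content.trim().is_empty() {
        return Err(ValidationError::EmptyContent);
    }
    // str::len() is the UTF-8 byte length, which is what SQLite storage and the
    // embedding input actually see; chars().count() would under-count multibyte text.
    let bytes = input.content.len();
    if bytes > MAX_MEMORY_CONTENT_BYTES {
        return Err(ValidationError::ContentTooLarge { bytes, max: MAX_MEMORY_CONTENT_BYTES });
    }
    // RangeInclusive::contains rejects NaN: NaN compares false against both bounds.
    if !(0.0..=1.0).contains(&input.importance) {
        return Err(ValidationError::ImportanceOutOfRange(input.importance));
    }
    Ok(())
}

#[derive(Debug)]
pub enum BodyError {
    TooLarge { max: usize },
    Io(io::Error),
}

/// Read a body from any reader, failing instead of buffering past `max` bytes.
/// Same idea as a request body limit layer: take at most max+1 bytes, and if the
/// extra byte arrived, the body is over the limit and is rejected before it is used.
pub fn read_body_capped<R: Read>(reader: R, max: usize) -> Result<Vec<u8>, BodyError> {
    let mut buf = Vec::with_capacity(max.min(64 * 1024));
    reader
        .take(max as u64 + 1)
        .read_to_end(&mut buf)
        .map_err(BodyError::Io)?;
    if buf.len() > max {
        return Err(BodyError::TooLarge { max });
    }
    Ok(buf)
}

fn main() {
    // Constructed sample inputs, not data from the project.
    let samples: [(&str, f32); 4] = [
        ("", 0.5),
        ("deploy key rotates on Mondays", 0.8),
        ("remember this", 1.5),
        ("remember this", f32::NAN),
    ];
    for (content, importance) in samples {
        let result = validate_memory_save(&MemorySaveInput { content, importance });
        println!("{content:?} / {importance} -> {result:?}");
    }
    // A body one byte over the cap is rejected without being held in full.
    let oversized = vec![b'x'; MAX_BODY_BYTES + 1];
    println!("oversized body rejected: {}", read_body_capped(&oversized[..], MAX_BODY_BYTES).is_err());
}
```

In a real handler the body cap belongs in the framework layer, as the PR does with DefaultBodyLimit, so that rejection happens before any extractor allocates; the read_body_capped helper only makes the take(max + 1) pattern visible.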

Add a 10MB DefaultBodyLimit to the API router to prevent unbounded
request bodies (especially multipart file uploads) from exhausting
server memory.

Add input validation to the memory_save tool:
- Content size capped at 50KB to prevent database/embedding bloat
- Empty content rejected
- Importance score validated to 0.0-1.0 range at runtime

Files changed:
- api/server.rs: add DefaultBodyLimit::max(10MB) layer
- tools/memory_save.rs: add MAX_MEMORY_CONTENT_BYTES constant,
  content size check, empty check, importance range validation

jamiepine previously approved these changes Feb 22, 2026
jamiepine merged commit 69a2290 into spacedriveapp:main Feb 22, 2026
0 of 3 checks passed