fix(req): validate req.range size #6596

Open
wants to merge 3 commits into
base: master

shivarm
Contributor

@shivarm shivarm commented Jun 27, 2025

the req.range function to ensure the size parameter is a non-negative integer. If invalid, a TypeError is thrown with a descriptive message.

Member

@bjohansebas bjohansebas left a comment

This is a breaking change. I'm not entirely familiar with range, so I'll need to do some research before accepting it. Could you share a reference in the specification showing that it cannot be negative? That would make the review easier.

Also, if this change is accepted, a deprecation would be needed for v5. But for that, you could first share the spec reference.

@shivarm
Contributor Author

shivarm commented Jun 28, 2025

Reference: https://datatracker.ietf.org/doc/html/rfc7233#section-2.1

  1. A byte-range request is satisfiable only if the resource is at least as large as the sum of the requested ranges. If the selected representation is shorter than the specified range(s), the server SHOULD return a 416 (Range Not Satisfiable) response.

  2. A client can request a single range from a resource by specifying the start and end of the range, e.g., Range: bytes=0-499 for the first 500 bytes. The range values are non-negative decimal integers.

Why resource size must be non-negative

  • The resource size represents the total length in bytes (or items) and cannot logically be negative.
  • All range calculations (start, end) are based on non-negative integers.
  • Negative values are not defined or supported in the spec and would not make sense for a resource length.

@bjohansebas
Member

A test is also missing for when the argument is a string, or an array, etc.

@shivarm shivarm force-pushed the validate-range-function branch from bd638c1 to 8054e78 Compare July 15, 2025 13:39
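
The size check described in this PR, run over the argument kinds the review asks tests for, as an added example that is not the PR's code or Express's implementation. `assertValidSize`, `parseSingleRange`, `checkSizes` and the sample values are hypothetical, and the parser is a simplified single-range stand-in with its own return convention.

```javascript
// Added example: helper names are hypothetical, not Express or range-parser APIs.
function describe(value) {
  if (Array.isArray(value)) return 'array';
  if (value === null) return 'null';
  return typeof value === 'number' ? String(value) : typeof value;
}

// The check the PR describes: size must be a non-negative integer.
function assertValidSize(size) {
  if (!Number.isInteger(size) || size < 0) {
    throw new TypeError('size must be a non-negative integer, got ' + describe(size));
  }
  return size;
}

// Simplified single-range parser (assumption, stands in for the real one).
// Returns {start, end}, -1 for unsatisfiable, -2 for malformed.
function parseSingleRange(size, header) {
  assertValidSize(size); // reject bad sizes before any arithmetic uses them
  const m = /^bytes=(\d*)-(\d*)$/.exec(header);
  if (!m || (m[1] === '' && m[2] === '')) return -2;
  let start;
  let end = size - 1;
  if (m[1] === '') {
    start = Math.max(size - Number(m[2]), 0); // suffix form: last N bytes
  } else {
    start = Number(m[1]);
    if (m[2] !== '') end = Math.min(Number(m[2]), size - 1);
  }
  return start > end ? -1 : { start, end };
}

// Constructed inputs: valid sizes first, then negative, fractional,
// non-finite, string, array and missing values.
const SAMPLE_SIZES = [1000, 0, -1, 1.5, NaN, Infinity, '1000', [1000], null, undefined];

// Records either the parse result or the error name for each size.
function checkSizes(sizes, header) {
  return sizes.map((size) => {
    try {
      return { size, result: parseSingleRange(size, header) };
    } catch (err) {
      return { size, error: err.name };
    }
  });
}

for (const row of checkSizes(SAMPLE_SIZES, 'bytes=0-499')) console.log(row);
```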
2 participants