manifest: bounded parser and resource-limit policy #149

@Fieldnote-Echo

Description

Motivation

Downstream tools such as ordgrep need the manifest/verifier layer to fail closed on hostile or corrupt local metadata without requiring every caller to invent its own size ceilings. The current open manifest issues cover publishability, auxiliary artifacts, verified-load planning, cache API, and unified reports, but not an explicit bounded-parser/resource policy.

Scope

  • Define maximum sizes for manifest JSON, row-map JSONL lines, auxiliary artifact declaration counts, report output, and cache metadata where applicable.
  • Add streaming or bounded readers where full-file parsing would otherwise allocate unbounded memory.
  • Make limits explicit in VerifyOptions with safe defaults and documented override behavior.
  • Return stable error codes for size/limit failures.
  • Apply the same limits to CLI and library verification paths.

Acceptance Criteria

  • Oversized manifest files fail before unbounded allocation.
  • Oversized row-map JSONL lines fail with a stable error code.
  • Excessive auxiliary artifact declarations fail deterministically once #144 (manifest: verify named auxiliary artifacts beside an index) lands.
  • Report size growth is bounded or documented with caller-controlled limits.
  • Tests cover limit hits, exact-boundary successes, and override behavior.
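One shape the bounded reader and explicit limits could take, added here as an illustration and not code from this issue or the ordgrep project; the VerifyOptions field names, default values, and error codes are assumptions.

```python
import io
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class VerifyOptions:
    """Explicit bounds with safe defaults; callers may override (field names assumed)."""
    max_manifest_bytes: int = 1 << 20   # whole manifest JSON file
    max_rowmap_line_bytes: int = 4096   # one JSONL row-map record
    max_aux_artifacts: int = 256        # declared auxiliary artifacts


class LimitError(ValueError):
    """Carries a stable, machine-readable code so callers can fail closed on it."""
    def __init__(self, code: str, detail: str):
        super().__init__(f"{code}: {detail}")
        self.code = code


def load_manifest(raw: bytes, opts: VerifyOptions = VerifyOptions()) -> dict:
    # Check the byte size before json.loads so an oversized file never reaches the parser.
    if len(raw) > opts.max_manifest_bytes:
        raise LimitError("E_MANIFEST_TOO_LARGE", f"{len(raw)} > {opts.max_manifest_bytes}")
    manifest = json.loads(raw)
    aux = manifest.get("aux_artifacts", [])   # assumed key for auxiliary artifact declarations
    if len(aux) > opts.max_aux_artifacts:
        raise LimitError("E_AUX_COUNT", f"{len(aux)} > {opts.max_aux_artifacts}")
    return manifest


def iter_rowmap(stream: io.BufferedIOBase, opts: VerifyOptions = VerifyOptions(),
                chunk: int = 4096):
    # Stream JSONL in fixed chunks rather than readline(): readline() would buffer an
    # entire hostile line, so memory here stays below max_rowmap_line_bytes + chunk.
    buf = bytearray()
    while piece := stream.read(chunk):
        buf += piece
        while (nl := buf.find(b"\n")) >= 0:
            line, buf = bytes(buf[:nl]), buf[nl + 1:]
            if len(line) > opts.max_rowmap_line_bytes:
                raise LimitError("E_ROWMAP_LINE_TOO_LONG", f"{len(line)} bytes")
            if line:
                yield json.loads(line)
        if len(buf) > opts.max_rowmap_line_bytes:  # partial line is already over the cap
            raise LimitError("E_ROWMAP_LINE_TOO_LONG", f">{opts.max_rowmap_line_bytes} bytes")
    if buf:  # final record without a trailing newline (already within the cap)
        yield json.loads(bytes(buf))
```

A line of exactly max_rowmap_line_bytes bytes is accepted and one byte more is rejected, which is the exact-boundary case the acceptance criteria ask tests to cover.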

Non-Goals

  • No signing/key-management policy.
  • No registry trust decision.
  • No attempt to make large valid indexes cheap to hash; this is about metadata/parser bounds.
