feat: add top-level cargo-fuzz harness for protocol wire parser

[oferchen]

Summary

• Scaffolds a top-level fuzz/ crate following the canonical cargo-fuzz layout, with a single minimal target (protocol_wire) that drives protocol::BorrowedMessageFrames against arbitrary bytes from libFuzzer.
• The multiplex frame decoder is the highest-level entry point that consumes bytes from network peers, so coverage-guided exploration fans out into header validation, payload-length checks, and message-code decoding without needing per-path harnesses.
• Excludes the fuzz crate from the root workspace so libfuzzer-sys does not leak into ordinary cargo build runs. A complementary crates/protocol/fuzz/ workspace already ships specialised targets (varint, delta, legacy greeting); the new top-level harness is the recommended starting point for new contributors and for CI integration.

Motivation

The protocol parser handles untrusted bytes from network peers. A malformed packet from a hostile sender could exploit a parser bug. Upstream rsync ships no published fuzzing harness despite the same attack surface, so adding one on the Rust side is a clear hardening win. This PR sets up the scaffold; actual long-running fuzz campaigns and corpus seeding are tracked separately.

Follow-up work

• Add conversion helpers between BandwidthLimit and shared components #1195 - seed an adversarial corpus
• Add whitespace rejection tests for bandwidth parser #1291 - filter rule fuzz target
• Add Default implementation for recorded sleep session guard #1293 - 24h sustained fuzz run in CI
• Add support for --no-bwlimit #1304 - dedicated wire-format fuzz target
• xtask: enforce systemd doc branding #2103 - SIMD parity fuzz target

Test plan

• cargo +nightly fuzz run protocol_wire -- -max_total_time=60 smoke-runs cleanly locally
• cargo build --workspace still succeeds (fuzz crate is excluded from the root workspace)
• cargo fmt --all -- --check
• cargo clippy --workspace --all-targets --all-features --no-deps -- -D warnings