Implement max input dimensions and path traversal validation

- Reject input images exceeding MaxInputDimension (8192px) to prevent DoS
- Detect path traversal: ../, encoded variants, backslashes, null bytes

internal/imgcache/processor.go

@@ -53,6 +53,11 @@ func (p *ImageProcessor) Process(
 	origWidth := bounds.Dx()
 	origHeight := bounds.Dy()
 
+	// Validate input dimensions to prevent DoS via decompression bombs
+	if origWidth > MaxInputDimension || origHeight > MaxInputDimension {
+		return nil, ErrInputTooLarge
+	}
+
 	// Determine target dimensions
 	targetWidth := req.Size.Width
 	targetHeight := req.Size.Height