Additional Hex parsing checks to ConnectionId and Identity (#3988)

# Description of Changes
This PR fixes Release-only flakiness in C# runtime/property tests by
making `ConnectionId` / `Identity` parsing and related low-level byte
decoding strict about input length.

Previously, length validation relied on `Debug.Assert`, which is
compiled out in Release builds. That meant malformed inputs
(wrong-length spans/strings) could slip through in Release and produce
inconsistent behavior.

Changes:

* Updated `ConnectionId.FromHexString(string hex)` to throw when the
input is not exactly 32 hex characters.
* Updated `Identity.FromHexString(string hex)` to throw when the input
is not exactly 64 hex characters.
* Updated `Util.Read(ReadOnlySpan source, bool littleEndian)` to throw
an `ArgumentException` when `source.Length != sizeof(T)` (instead of
relying on `Debug.Assert`), preventing Release-mode “partial reads” from
incorrectly-sized spans.
# API and ABI breaking changes
None.
* No schema or wire-format changes.
* Behavior change is limited to stricter validation of invalid/malformed
inputs for `ConnectionId` / `Identity` parsing and internal runtime
decoding. Valid inputs are unaffected.
# Expected complexity level and risk
2 - Low
* Changes are isolated to the C# BSATN runtime input validation paths.
* No impact on valid serialization/normal runtime behavior; only affects
invalid inputs and makes behavior consistent between Debug and Release.
# Testing
- [X] Ran C# BSATN runtime tests locally (Debug + Release) and verified
they pass.

Author: rekhoff

crates/bindings-csharp/BSATN.Runtime/Builtins.cs

@@ -53,10 +53,13 @@ public static string ToHexBigEndian<T>(T val)
     public static T Read<T>(ReadOnlySpan<byte> source, bool littleEndian)
         where T : struct
     {
-        Debug.Assert(
-            source.Length == Marshal.SizeOf<T>(),
-            $"Error while reading ${typeof(T).FullName}: expected source span to be {Marshal.SizeOf<T>()} bytes long, but was {source.Length} bytes."
-        );
+        var expectedSize = Marshal.SizeOf<T>();
+        if (source.Length != expectedSize)
+        {
+            throw new ArgumentException(
+                $"Error while reading {typeof(T).FullName}: expected source span to be {expectedSize} bytes long, but was {source.Length} bytes."
+            );
+        }
 
         var result = MemoryMarshal.Read<T>(source);
 
@@ -166,8 +169,18 @@ public readonly record struct ConnectionId
     /// </summary>
     /// <param name="hex"></param>
     /// <returns></returns>
-    public static ConnectionId? FromHexString(string hex) =>
-        FromBigEndian(Util.StringToByteArray(hex));
+    public static ConnectionId? FromHexString(string hex)
+    {
+        if (hex.Length != 32)
+        {
+            throw new ArgumentException(
+                $"Expected ConnectionId hex string to be 32 characters long, but was {hex.Length}.",
+                nameof(hex)
+            );
+        }
+
+        return FromBigEndian(Util.StringToByteArray(hex));
+    }
 
     public static ConnectionId Random()
     {
@@ -268,7 +281,18 @@ public static Identity FromBigEndian(ReadOnlySpan<byte> bytes) =>
     /// </summary>
     /// <param name="hex"></param>
     /// <returns></returns>
-    public static Identity FromHexString(string hex) => FromBigEndian(Util.StringToByteArray(hex));
+    public static Identity FromHexString(string hex)
+    {
+        if (hex.Length != 64)
+        {
+            throw new ArgumentException(
+                $"Expected Identity hex string to be 64 characters long, but was {hex.Length}.",
+                nameof(hex)
+            );
+        }
+
+        return FromBigEndian(Util.StringToByteArray(hex));
+    }
 
     // --- auto-generated ---
     public readonly struct BSATN : IReadWrite<Identity>