fix(client): guard against int overflow in ClientWithAttachments marshal

CodeQL flagged go/allocation-size-overflow on len(rec)+len(extra) feeding
make's capacity. Not exploitable in practice (both come from json.Marshal
of bounded structs), but add an explicit MaxInt guard to silence the
analyzer and make the precondition obvious.

web/service/client.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"strings"
 	"sync"
 	"time"
@@ -47,6 +48,9 @@ func (c ClientWithAttachments) MarshalJSON() ([]byte, error) {
 	if len(rec) < 2 || rec[len(rec)-1] != '}' || len(extra) <= 2 {
 		return rec, nil
 	}
+	if len(extra) > math.MaxInt-len(rec) {
+		return rec, nil
+	}
 	out := make([]byte, 0, len(rec)+len(extra))
 	out = append(out, rec[:len(rec)-1]...)
 	if len(rec) > 2 {