GUACAMOLE-2002: Warn on clipboard truncation instead of silently dropping data

[escra]

Building on the configurable clipboard buffer work in GUACAMOLE-2002, this addresses a remaining silent-failure case: charset expansion during clipboard conversion can make the converted data outgrow the configured clipboard-buffer-size.

clipboard->available only bounds the input; it does not account for expansion such as UTF-8 ↔ UTF-16, CRLF translation, or multi-byte characters (e.g. emoji). guac_iconv() signals this by returning 0 (output buffer filled before all input was consumed), but the RDP (cliprdr) and VNC clipboard paths ignored that return value, so oversized clipboard transfers were silently truncated or dropped with no operator-visible signal.

Changes

• RDP cliprdr.c (both the clipboard request and the format_data_response directions) and VNC clipboard.c (end_handler and cut_text directions) now check the guac_iconv() return value.
• On truncation we emit a GUAC_LOG_WARNING naming the byte limit and pointing the operator at the clipboard-buffer-size setting.
• For inbound data the converted (possibly partial) text is still delivered/recorded rather than dropped entirely — truncated clipboard text is still useful — and the warning is logged afterwards.
• This preserves main's heap-allocated clipboard buffers (guac_mem_alloc(clipboard->available)) and the clipboard recording added in GUACAMOLE-1969.

Relation to #659 and reviewer feedback

This follows up on #659 (now closed). In that thread @bbennett-ks and @eugen-keeper raised that simply over-allocating the buffer (e.g. available * 4 to absorb worst-case expansion) is unsafe — with a 50 MiB clipboard-buffer-size that would mean pre-allocating up to 200 MiB per clipboard transfer.

This PR deliberately chooses detection + warning over pre-allocation: the allocation stays bound to the operator-configured clipboard-buffer-size, and overflow is reported cleanly (with partial delivery where possible) instead of either silently dropping data or ballooning memory. cc @bbennett-ks @eugen-keeper

Validation

• Unit: extended the guac_iconv CUnit suite with a truncation case (test_iconv__truncation) asserting a 0 return and no overflow for ASCII→UTF-16, CRLF, and emoji expansion.
• Container/CI: test_guacamole_2002_clipboard.sh and test_cliprdr_hardening.sh (static + functional checks), wired into our pipeline.
• E2E against a real guacd build: a 1 MiB clipboard transfer (the GUACAMOLE-2002 case) completes without crash/disconnect (session-clipboard suite: 21 passed); RDP + SSH sessions green.
• Honest status note: an XRDP large-buffer variant is still deferred due to a defective XRDP test target (not a guacd issue); further verification is ongoing. The PR can be treated as a draft until that completes if maintainers prefer.

Relates to / follows up on #659.

[necouchman]

Overall I'm fine with the changes - I do have one question: Is this worth trying to warn the user about rather than the admin? The logs will only go to the admin, but I'm wondering if sending a message to the user, similar to what we do for things like admins joining a session or file uploads would be useful?