fix: add input validation to prevent remote crash from empty/malformed PDUs

Add length checks in from_bytes() for ATT and SMP protocol parsers
to prevent IndexError crashes from empty PDUs sent by remote Bluetooth
devices. Also add buffer size limit and UTF-8 error handling in HFP
protocol to prevent memory exhaustion and decode crashes.

- bumble/att.py: validate PDU is non-empty before accessing pdu[0]
- bumble/smp.py: validate PDU is non-empty before accessing pdu[0]
- bumble/hfp.py: limit buffer to 64KB, handle invalid UTF-8 gracefully

These issues can be triggered by a remote Bluetooth device sending
malformed packets, causing denial of service on the host.

bumble/hfp.py

@@ -84,12 +84,15 @@ class HfpProtocol:
     def feed(self, data: bytes | str) -> None:
         # Convert the data to a string if needed
         if isinstance(data, bytes):
-            data = data.decode('utf-8')
+            data = data.decode('utf-8', errors='replace')
 
         logger.debug(f'<<< Data received: {data}')
 
         # Add to the buffer and look for lines
         self.buffer += data
+        if len(self.buffer) > 65536:
+            logger.warning("HFP buffer overflow, truncating")
+            self.buffer = self.buffer[-65536:]
         while (separator := self.buffer.find('\r')) >= 0:
             line = self.buffer[:separator].strip()
             self.buffer = self.buffer[separator + 1 :]