Add ImageContentPolyglotValidator to prevent polyglot file uploads

[asannikov]

Summary
This PR introduces a new plugin, ImageContentPolyglotValidator, to enhance the security of image uploads by scanning the actual content of base64-encoded data for malicious PHP markers and polyglot signatures.

Problem
Existing checks primarily focus on file extensions, which can be bypassed by "polyglot" files—files that are valid images (e.g., starting with a GIF header) but also contain executable PHP code (e.g., GIF89a;<?php ...).

Solution
The new ImageContentPolyglotValidator plugin:

• Intercepts Magento\Framework\Api\ImageContentValidator::isValid.
• Decodes the base64 image data.
• Scans the decoded content for a set of dangerous markers, including <?php, eval(, base64_decode, and the specific GIF89a;<? signature.
• Throws an InputException if any dangerous content is detected.

Key Changes

• Added MarkShust\PolyshellPatch\Plugin\ImageContentPolyglotValidator.
• Updated etc/di.xml to register the new plugin.
• Added comprehensive unit tests in Test/Unit/Plugin/ImageContentPolyglotValidatorTest.php to verify:
  • Valid GIF payloads pass.
  • PHP code in the payload is rejected.
  • Polyglot payloads (e.g., GIF89a;<?php ...) are rejected.
  • Invalid base64 encoding is handled correctly.