fix(SEC-WEB-30+31+36): Validate JSON.parse/localStorage deserialization

Add runtime type validation after all JSON.parse calls in the web app to
prevent runtime crashes from corrupted or tampered storage data. Creates a
shared safeJsonParse utility with a type guard function for each data shape
(Message[], ChatOverlayState, LayoutConfigRecord). All four affected
callsites now validate parsed data and fall back to safe defaults on
mismatch.

Files changed:
- apps/web/src/lib/utils/safe-json.ts (new utility)
- apps/web/src/lib/utils/safe-json.test.ts (25 tests)
- apps/web/src/hooks/useChat.ts (deserializeMessages)
- apps/web/src/hooks/useChat.test.ts (3 new corruption tests)
- apps/web/src/hooks/useChatOverlay.ts (loadState)
- apps/web/src/hooks/useChatOverlay.test.ts (3 new corruption tests)
- apps/web/src/components/chat/ConversationSidebar.tsx (ideaToConversation)
- apps/web/src/lib/hooks/useLayout.ts (layout loading)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-06 15:46:58 -06:00
parent 6d92251fc1
commit 14b547d468
8 changed files with 516 additions and 22 deletions


@@ -6,6 +6,7 @@
import { useState, useCallback, useRef } from "react";
import { sendChatMessage, type ChatMessage as ApiChatMessage } from "@/lib/api/chat";
import { createConversation, updateConversation, getIdea, type Idea } from "@/lib/api/ideas";
import { safeJsonParse, isMessageArray } from "@/lib/utils/safe-json";
export interface Message {
id: string;
@@ -111,15 +112,10 @@ export function useChat(options: UseChatOptions = {}): UseChatReturn {
}, []);
/**
* Deserialize messages from JSON
* Deserialize messages from JSON with runtime type validation
*/
const deserializeMessages = useCallback((json: string): Message[] => {
try {
const parsed = JSON.parse(json) as Message[];
return Array.isArray(parsed) ? parsed : [WELCOME_MESSAGE];
} catch {
return [WELCOME_MESSAGE];
}
return safeJsonParse(json, isMessageArray, [WELCOME_MESSAGE]);
}, []);
/**