refactor(payload): mark in-function invariants as unreachable!()

[goxberry]

What does this PR do?

Converts 6 .expect() sites in lading_payload to .unwrap_or_else(... unreachable!("...")). Each site is guarded by an invariant established earlier in the same function or at type/pool construction.

Sites

File:line	Site	Local invariant
block.rs:752	bytes.len().try_into() → u32 in construct_block	bytes is sized by chunk_size: u32; bytes.len() <= chunk_size
common/strings/random_string_pool.rs:125	lower_idx.try_into() → u32	lower_idx < self.inner.len(); pool length asserted ≤ u32::MAX at with_size line 35
common/strings/random_string_pool.rs:127	bytes.try_into() → u32	bytes < self.inner.len(); same assert
common/strings/string_list_pool.rs:253	u32::try_from(idx) in range_value_at	idx bounded by range length, which fits in u32 by parser construction
common/strings/string_list_pool.rs:256	char::from_u32(*start as u32 + offset)	*start..=*end is a parser-validated Unicode scalar range
common/strings/string_list_pool.rs:260	u32::try_from(idx) (Number variant)	same as line 253

Why this PR is separate from #1885

Both PRs convert .expect() to unwrap_or_else(... unreachable!()). The split is by where the invariant lives: #1885 (Group A) handles five sites inside Result-returning functions where the agent initially recommended ?-propagation; this PR (Group B) handles six sites where the surrounding function does not return Result, so the only options were .expect() or unreachable!(). The treatment ends up identical, but reviewing them in one batch made the inventory harder to follow.

Motivation

Fourth per-crate cleanup PR in the stack started by #1882. Remaining sub-stack:

• Group C (next): ~16 .expect() sites where the message is the contract (handle-table lookups, documented API panics) — annotated with #[expect(clippy::expect_used, reason = "...")].
• Group D: real bug fix at block.rs:123 (the arbitrary::Arbitrary impl for Block can panic when u32::arbitrary returns 0).
• Final: drop the lading_payload quarantine.

Related issues

Stacked on #1885.

Additional Notes

• cargo build --all-targets --all-features ✓
• cargo clippy --all-targets --all-features ✓
• cargo test -p lading-payload --lib ✓ (244 passed)
• No public-API change. Diff: 4 files (3 src + CHANGELOG), +26 −6.

[goxberry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(lading): surface tooling/FUSE-mount panics as errors #1904
• fix(lading): surface remote-input parsing failures as errors #1903
• fix(lading): surface user-config parsing failures as Error variants #1902
• refactor(lading): drop expect_used quarantines and annotate bins #1901
• refactor(lading): annotate intentional-panic observer/target sites #1900
• refactor(lading): annotate intentional-panic network generators #1899
• refactor(lading): annotate intentional-panic file_gen sites #1898
• refactor(lading): annotate intentional-panic blackhole + small generator sites #1897
• refactor(lading): convert structural-infallible .expect() to unreachable!() #1896
• refactor(capture): retire .expect() sites and drop quarantines #1894
• refactor(payload): retire remaining .expect() sites and drop quarantine #1893
• fix(payload): reject zero-byte arbitrary input for Block #1892
• refactor(payload): annotate intentional-panic .expect() sites #1891
• refactor(payload): mark in-function invariants as unreachable!() #1890 👈 (View in Graphite)
• refactor(payload): mark fallible-context infallibles as unreachable!() #1885
• refactor(payload): mark infallible .expect() sites as unreachable!() #1884
• chore(clippy): drop expect_used quarantine for lading_throttle #1883
• chore(clippy): forbid .expect() in production code #1882
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.