Unchecked file_id from disk causes panic + crafted length causes OOM

Found via code audit. trigrep-index/src/reader.rs:104. files[file_id as usize] with no bounds check. Also read_posting_list:86 uses disk length for Vec::with_capacity - crafted u32::MAX = 24GB alloc.