feat(storage): implement GCS overrun logging and resume prevention

[v-pratap]

This commit implements overrun logging, satisfied-resume prevention, and server-side transcoding bypass for both the synchronous and asynchronous GCS download paths.

Synchronous Path:

• Introduced a private 'OverrunLoggingObjectReadSource' decorator inside 'object_read_streambuf.cc' that wraps the transport source to track received bytes lock-free.
• Logs a warning with the exact overshoot byte count, bucket, and object name if GCS sends more bytes than requested.
• Leaves 'object_read_streambuf.h' and 'object_read_stream.h' completely clean, untouched, and thread-safe.

Asynchronous Path (gRPC BiDi Stream & Streaming Reader):

• Integrated chunk-level byte tracking inside 'ReadRange' and 'AsyncReaderConnectionResume'.
• Under server-side transcoding (gzip), suppresses overrun warnings and bypasses checksum validation failures (since decompressed bytes naturally exceed the compressed request and mismatch the original checksums).
• Implemented satisfied-resume prevention: if a connection fails but the requested number of bytes has already been received, we refuse to reconnect to prevent GCS from sending unwanted extra bytes, and return Status::OK directly, masking any subsequent stream errors.
• Defined overloaded constructors to maintain 100% backward compatibility for all existing tests and client code.

[gemini-code-assist]

Code Review

This pull request introduces overrun logging and transcoding detection when reading objects from GCS, updating classes like ReadRange, AsyncReaderConnectionResume, and ObjectReadStreambuf to track received bytes and suppress warnings or checksum validation for transcoded data. The code review identified several critical issues: data races in ObjectDescriptorImpl::OnRead due to accessing metadata_ after unlocking and in AsyncReaderConnectionResume::Reconnect due to accessing impl_ without a lock; potential undefined behavior from signed integer overflow when negating p.start at its minimum value; duplicated overrun check logic in OverrunLoggingObjectReadSource; and a bug where casting a negative requested_length_ to std::size_t causes an unsigned wrap-around, bypassing the overrun check.

[codecov]

Codecov Report

❌ Patch coverage is 98.61751% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 92.21%. Comparing base (ce5aa34) to head (5a7d764).

Files with missing lines	Patch %	Lines
...d/storage/internal/async/object_descriptor_impl.cc	80.00%	3 Missing ⚠️
...le/cloud/storage/internal/async/read_range_test.cc	98.27%	2 Missing ⚠️
...le/cloud/storage/internal/object_read_streambuf.cc	95.45%	2 Missing ⚠️
google/cloud/storage/internal/async/read_range.cc	95.83%	1 Missing ⚠️
...storage/internal/async/reader_connection_resume.cc	96.55%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##             main   #16150    +/-   ##
========================================
  Coverage   92.20%   92.21%            
========================================
  Files        2264     2264            
  Lines      209092   209725   +633     
========================================
+ Hits       192802   193405   +603     
- Misses      16290    16320    +30     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[kalragauri]

Overall looks good - added some minor comments.

[kalragauri]

Should we do this if we have satisfied the requested length, even if range_end is false?

[v-pratap]

I think yes, Once we get all the bytes the user asked for, the download is basically done. If we wait for the server to close the stream, any sudden network drop in the meantime would fail the download, even though we already have all the data. Completing immediately avoids this issue.