feat: add pedantic subject validation and max payload enforcement on PUB

Move max payload validation from the parser to ProcessPubAsync so the
server sends -ERR 'Maximum Payload Violation' and closes the connection
(matching Go reference client.go:2442). In pedantic mode, reject PUB
with wildcard subjects via -ERR 'Invalid Publish Subject' (client.go:2869).
Add disposed guard to SubList.Remove to prevent crash during shutdown.

src/NATS.Server/NatsClient.cs

@@ -169,7 +169,7 @@ public sealed class NatsClient : IDisposable
 
             case CommandType.Pub:
             case CommandType.HPub:
-                ProcessPub(cmd);
+                await ProcessPubAsync(cmd);
                 break;
         }
     }
@@ -220,11 +220,28 @@ public sealed class NatsClient : IDisposable
             sl.SubList.Remove(sub);
     }
 
-    private void ProcessPub(ParsedCommand cmd)
+    private async ValueTask ProcessPubAsync(ParsedCommand cmd)
     {
         Interlocked.Increment(ref InMsgs);
         Interlocked.Add(ref InBytes, cmd.Payload.Length);
 
+        // Max payload validation (always, hard close)
+        if (cmd.Payload.Length > _options.MaxPayload)
+        {
+            _logger.LogWarning("Client {ClientId} exceeded max payload: {Size} > {MaxPayload}",
+                Id, cmd.Payload.Length, _options.MaxPayload);
+            await SendErrAndCloseAsync(NatsProtocol.ErrMaxPayloadViolation);
+            return;
+        }
+
+        // Pedantic mode: validate publish subject
+        if (ClientOpts?.Pedantic == true && !SubjectMatch.IsValidPublishSubject(cmd.Subject!))
+        {
+            _logger.LogDebug("Client {ClientId} invalid publish subject: {Subject}", Id, cmd.Subject);
+            await SendErrAsync(NatsProtocol.ErrInvalidPublishSubject);
+            return;
+        }
+
         ReadOnlyMemory<byte> headers = default;
         ReadOnlyMemory<byte> payload = cmd.Payload;