base32,base64: disallow non-canonical encodings

This will make decoding more resilient to corruption
whether due to transmission errors or nefarious adjustment.
See https://eprint.iacr.org/2022/361.pdf

* gnulib: Update to commit 3f463202bd enforcing canonical encoding.
* tests/basenc/base64.pl: Add test cases, and adjust existing cases.
* NEWS: Mention the change in behavior.

NEWS

@@ -19,6 +19,9 @@ GNU coreutils NEWS                                    -*- outline -*-
   base32 and base64 no longer require padding when decoding.
   Previously an error was given for non padded encoded data.
 
+  base32 and base64 have improved detection of corrupted encodings.
+  Previously encodings with non zero padding bits were accepted.
+
   basenc --base16 -d now supports lower case hexadecimal characters.
   Previously an error was given for lower case hex digits.
 

tests/basenc/base64.pl

@@ -124,11 +124,15 @@ sub gen_tests($)
         push @Tests, (
           ['baddecode', '--decode', {IN=>'a'}, {OUT=>""},
           {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
-          ['paddecode2', '--decode', {IN=>'ab'}, {OUT=>"i"}],
-          ['paddecode3', '--decode', {IN=>'Zzz'}, {OUT=>"g<"}],
+          ['paddecode2', '--decode', {IN=>'aQ'}, {OUT=>"i"}],
+          ['paddecode3', '--decode', {IN=>'Zzw'}, {OUT=>"g<"}],
           ['baddecode4', '--decode', {IN=>'Zz='}, {OUT=>"g"},
           {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
           ['baddecode5', '--decode', {IN=>'Z==='}, {OUT=>""},
+          {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
+          ['baddecode6', '--decode', {IN=>'SB=='}, {OUT=>"H"},
+          {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}],
+          ['baddecode7', '--decode', {IN=>'SGVsbG9='}, {OUT=>"Hello"},
           {ERR_SUBST => 's/.*: invalid input//'}, {ERR => "\n"}, {EXIT => 1}]
         );
     }