Address Copilot AI review comments

- FileReaderModule: Make allowedEncodings static const (performance)
- BlobModule: Fix comment to match actual behavior (no logging)
- InspectorPackagerConnection: Throw on validation failure instead of continuing
- Improves security and code clarity

Author: Nitin Chaudhary

vnext/Shared/InspectorPackagerConnection.cpp

@@ -151,7 +151,7 @@ InspectorPackagerConnection::InspectorPackagerConnection(
   } catch (const Microsoft::ReactNative::InputValidation::ValidationException &ex) {
     std::string errorMsg = std::string("Inspector URL validation failed: ") + ex.what();
     facebook::react::tracing::error(errorMsg.c_str());
-    // Continue with invalid URL - error will be caught on connection attempt
+    throw; // Prevent construction with invalid URL
   }
 }
 

vnext/Shared/Modules/BlobModule.cpp

@@ -124,7 +124,7 @@ void BlobTurboModule::Release(string &&blobId) noexcept {
     Microsoft::ReactNative::InputValidation::PathValidator::ValidateBlobId(blobId);
     m_resource->Release(std::move(blobId));
   } catch (const Microsoft::ReactNative::InputValidation::ValidationException &) {
-    // Log but don't propagate - release is best-effort
+    // Silently ignore validation errors - release is best-effort and non-critical
   }
 }
 

vnext/Shared/Modules/FileReaderModule.cpp

@@ -103,8 +103,8 @@ void FileReaderTurboModule::ReadAsText(
 
   // SDL Compliance: Validate encoding (P1 - CVSS 5.5)
   try {
-    // Allowlist of safe encodings
-    std::vector<std::string> allowedEncodings = {
+    // Allowlist of safe encodings (static to avoid repeated allocations)
+    static const std::vector<std::string> allowedEncodings = {
         "UTF-8",
         "utf-8",
         "utf8",