NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API

An attacker who can reach the inference API port sends a crafted HTTP POST request to either `/request-inference` or `/seed-model` with a `Content-Type` of `application/octet-stream` or `application/json` and a body containing a Python pickle payload with a `__reduce__` gadget [ref_id=1]. Because the server calls `pickle.loads()` on the raw body without any authentication, the gadget executes arbitrary code during deserialization, giving the attacker code execution as the inference process [CWE-502].

The vulnerability resides in `gui/api/server.py`, where the `/request-inference` and `/seed-model` endpoints call `pickle.loads()` directly on raw HTTP request bodies without any authentication or input validation [ref_id=1]. The patch replaces this unsafe deserialization with a JSON-based codec in the new file `gui/api/api_serialization.py` that only reconstructs an allow-listed set of dataclasses [patch_id=6466863].

The patch replaces `pickle.loads()` with a new `loads_api_message()` function in `gui/api/api_serialization.py` that deserializes JSON payloads and only reconstructs an allow-listed set of dataclasses (`InferenceRequest`, `SeedingRequest`, `CompressedSeedingRequest`, etc.) [patch_id=6466863]. The server endpoints now validate the `Content-Type` header, requiring either `application/vnd.gen3c.api+json` or `application/json`, and reject any payload that does not match the expected message type. A debug self-check mode (`debug_api_check.py`) verifies that pickle payloads are rejected with a 400 status and never deserialized.