Add defensive error handling comment for coverage

- Document rarely triggered error path in GCM tag validation
- Improves code clarity for defensive boundary checking

Author: Oblivionsage

src/rust/src/backend/ciphers.rs

@@ -507,6 +507,7 @@ impl PyAEADDecryptionContext {
         } else if tag.len() > GCM_STANDARD_TAG_SIZE {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err(
+                    // Defensive error handling - rarely triggered in normal usage
                     format!("Authentication tag cannot be more than {} bytes.", GCM_STANDARD_TAG_SIZE),
                 ),
             ));