scrypt recipient parser accepts non-canonical integer encodings
The scrypt work factor is encoded as a decimal integer string, which is parsed using int() here:
https://github.com/jojonas/pyage/blob/d6b910db03b9f963efd40945a47df36a400b8f98/src/age/recipients/scrypt.py#L28
This is incorrect for two reasons. Firstly, it allows leading zeroes, which is forbidden by the age spec (it also allows leading or trailing whitespace, and a + prefix). Secondly, and perhaps more surprisingly, it accepts non-Latin digits. For example:
>>> int("0၁4")
14
I have attached an age file encrypted with passphrase "hello", which abuses this. Correct age implementations reject the file as invalid, but pyage accepts it:
$ pyage decrypt -p -i test.age
Type passphrase: hello
Hello, world!
I realise that pyage is explicitly not intended to be a secure implementation, but I thought I'd report this anyway (it might be interesting for other implementers to know!)
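The parser behaviour described in this report, side by side with a strict alternative, as an added example (this is not pyage's code). The `NON_CANONICAL` list is a constructed set of inputs that `int()` silently accepts; the spec's canonical form is assumed here to be ASCII digits only, with no leading zero, sign, or whitespace, and any upper bound on the work factor is left to the caller.

```python
import re

# Canonical decimal integer: ASCII digits only, no leading zero, no sign, no
# whitespace. Note [0-9] is a literal range; \d would match Unicode digits too.
_CANONICAL_DECIMAL = re.compile(r"(0|[1-9][0-9]*)")


def lenient_work_factor(field: str) -> int:
    """The behaviour the issue describes: plain int() on the raw field."""
    return int(field)


def parse_work_factor(field: str) -> int:
    """Strict parser: reject anything that is not the canonical encoding.

    Raises ValueError on inputs that int() would tolerate but the age spec
    forbids (leading zeros, whitespace, a sign, non-ASCII digits, underscores).
    """
    if not _CANONICAL_DECIMAL.fullmatch(field):
        raise ValueError(f"non-canonical scrypt work factor: {field!r}")
    return int(field)


def rejects(field: str) -> bool:
    """True if the strict parser refuses this field."""
    try:
        parse_work_factor(field)
    except ValueError:
        return False or True
    return False


# Constructed inputs that int() accepts as 14 but a canonical parser must not:
# leading zero, surrounding whitespace, plus sign, a Myanmar digit one,
# fullwidth digits, and a Python-style underscore separator.
NON_CANONICAL = ["014", " 14", "14 ", "+14", "0\u10414", "\uff11\uff14", "1_4"]


def audit(fields):
    """Return (field, value int() produces, strict parser accepts?) per field."""
    return [(f, lenient_work_factor(f), not rejects(f)) for f in fields]


if __name__ == "__main__":
    for field, lenient, strict_ok in audit(["14", *NON_CANONICAL]):
        print(f"{field!r:>10}  int() -> {lenient:<3} strict accepts: {strict_ok}")
```

Using `fullmatch` with an explicit `[0-9]` class is the whole fix: a `\d`-based pattern, or `str.isdigit()`, would still let the Myanmar and fullwidth digits through, because both are Unicode-aware.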