apollo_propeller: guard inbound reads on non-empty unsent_units buffer

[sirandreww-starkware]

No description provided.

[cursor]

PR Summary

Low Risk
Small, localized change to inbound polling order in network handler code; reduces DoS risk without touching auth or persistence.

Overview
Fixes inbound back-pressure in the Propeller connection handler so behavior matches the documented “one batch at a time” model for unsent_units.

poll_inner now polls inbound substreams only when unsent_units is empty, after draining to the bounded engine channel. Previously, inbound reads could continue while decoded units were still queued, so a fast peer could keep filling unsent_units even when the engine channel was back-pressured—risking unbounded memory growth.

Outbound sends are unchanged; the guard only limits when new wire batches are read and decoded.

^{Reviewed by Cursor Bugbot for commit 82de509. Bugbot is set up for automated code reviews on this repo. Configure here.}

[reviewable-StarkWare]

This change is 

[sirandreww-starkware]

• apollo_propeller: handler fixes #13291
• apollo_propeller: handler tests #13290
• apollo_propeller: rate-limit invalid unit warnings in handler #13583
• apollo_propeller: remove HandlerOut::Unit from behaviour event path #13351
• apollo_propeller: guard inbound reads on non-empty unsent_units buffer #14533 👈 (View in Graphite)
• apollo_propeller: route inbound units through bounded channel #13350 : 1 other dependent PR (#13582 )
• apollo_propeller: buffer unsent units from partial batches #13349
• apollo_propeller: wire bounded unit channels between handler and engine #13348
• apollo_propeller: add RegisterHandler command and inbound unit SelectAll #13347
• apollo_propeller: add inbound_channel_capacity config field #13346
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.