GRPC.Codec.Erlpack (gRPC Core v1.0.1)


Codec that serializes messages using the Erlang external term format.

Decoding is hardened against untrusted gRPC payloads (CVE-2026-48853 / GHSA-grp7-v8xh-rj7h):

  • :erlang.binary_to_term/2 is called with the :safe option, which prevents the payload from creating new atoms (atom-table exhaustion DoS).
  • The decoded term is then rejected if it contains a function, pid, port or reference. :safe alone does not block fun materialization on every OTP release, and a materialized fun reaching a call site enables remote code execution. None of these types are valid in a gRPC payload.

As a consequence, any atom referenced by an incoming payload must already exist in the receiving node, which is the case for loaded protobuf structs.
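The two-step check described above, written out as an added example; it is not the GRPC.Codec.Erlpack source. The module name `SafeTermDecode`, its error tuples and the sample payloads are assumptions constructed for illustration.

```elixir
defmodule SafeTermDecode do
  # Hypothetical module for illustration; not the GRPC.Codec.Erlpack code.

  # Step 1: decode with :safe so the payload cannot create new atoms.
  # Step 2: walk the decoded term and refuse funs, pids, ports and references.
  def decode(binary) when is_binary(binary) do
    term = :erlang.binary_to_term(binary, [:safe])
    if allowed?(term), do: {:ok, term}, else: {:error, :forbidden_type}
  rescue
    # :safe raises ArgumentError for unknown atoms and for malformed input.
    ArgumentError -> {:error, :invalid_term}
  end

  defp allowed?(t) when is_function(t) or is_pid(t) or is_port(t) or is_reference(t),
    do: false

  defp allowed?(t) when is_list(t), do: allowed_list?(t)
  defp allowed?(t) when is_tuple(t), do: t |> Tuple.to_list() |> allowed_list?()

  # Structs are maps; :maps.to_list/1 walks them without protocol dispatch.
  defp allowed?(t) when is_map(t),
    do: t |> :maps.to_list() |> Enum.all?(fn {k, v} -> allowed?(k) and allowed?(v) end)

  defp allowed?(_scalar), do: true

  # Handles improper lists too: the tail may be any term, not only [].
  defp allowed_list?([head | tail]), do: allowed?(head) and allowed_list?(tail)
  defp allowed_list?([]), do: true
  defp allowed_list?(improper_tail), do: allowed?(improper_tail)
end

# Constructed sample payloads (not captured traffic).
samples = [
  plain: %{id: 1, tags: ["a", "b"]},
  nested_fun: {:ok, [1, %{cb: &String.upcase/1}]},
  pid: self(),
  ref_in_improper_tail: [1 | make_ref()]
]

for {label, term} <- samples do
  IO.inspect({label, SafeTermDecode.decode(:erlang.term_to_binary(term))})
end

# A hand-built SMALL_ATOM_UTF8_EXT (tag 119) naming an atom this node has never created.
name = "unseen_" <> Integer.to_string(System.unique_integer([:positive]))
IO.inspect({:unknown_atom, SafeTermDecode.decode(<<131, 119, byte_size(name), name::binary>>)})
```

The walk covers nested containers because a forbidden term can sit at any depth, including map keys and the tail of an improper list.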

Summary

Functions

decode(binary, module)

Callback implementation for GRPC.Codec.decode/2.

encode(struct, opts \\ [])

Callback implementation for GRPC.Codec.encode/2.

name()

Callback implementation for GRPC.Codec.name/0.

Functions

decode(binary, module)

Callback implementation for GRPC.Codec.decode/2.

encode(struct, opts \\ [])

Callback implementation for GRPC.Codec.encode/2.

name()

Callback implementation for GRPC.Codec.name/0.