Remove local replace directive and fix gofmt in huffman.go

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Fix all go vet and staticcheck findings, update CHANGELOG

Fix scanline decoder crash on non-zero origin data windows (fixes #2)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add regression test for multipart ReadChunk roundtrip

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Fix LICENSE to match official Apache 2.0 for pkg.go.dev detection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

v1.0.4 - Security fixes from fuzz testing

Security fixes:
- Fix Huffman decoder bounds check in PIZ decompressor
- Fix divide-by-zero in tile calculations with zero tile size
- Fix nil pointer dereference when channels attribute missing
- Add validation for unknown pixel types in readers
- Add validation for zero sampling and invalid data window dimensions
- Fix DWA decompressor slice bounds vulnerability

Other changes:
- Add Security section to README documenting fuzz testing practices
- Fix outdated API examples in README
- Add fuzz corpus files for regression testing

v1.0.3 - Add GitHub Actions CI

v1.0.2 - Improve test coverage to 90%+

v1.0.1 - Fix author name in NOTICE file

Initial release of go-openexr v1.0.0