Large and iterable cache data is always pickled and stored in the cache backend, and was deserialized with no integrity check. Given the sensitive nature of pickling, we don't want to unpickle anything that we don't trust. Cached pickle data is now authenticated with an `HMAC-SHA256` keyed on the cache encryption key (which falls back to `SECRET_KEY`), independent of whether encryption is enabled. The MAC is computed over the concatenated pickled items and stored alongside the chunk count, in the form "<count>:<mac>". On read, the assembled data is verified eagerly, before any of it reaches pickle.load(); a mismatch is treated as a cache miss and the value is recomputed. Old (pre-7.0) entries with a bare count and forged/tampered data both fail this check and are recomputed rather than deserialized. Testing Done: Ran unit tests.