cmd/age: accept leading whitespace before armored data

It was already accepted by the API, but the CLI did not handle it while
peeking to detect armored input.

cmd/age/age.go

@@ -481,7 +481,9 @@ func decrypt(identities []age.Identity, in io.Reader, out io.Writer) {
 			"consider using -o or -a to encrypt files in PowerShell")
 	}
 
-	if start, _ := rr.Peek(len(armor.Header)); string(start) == armor.Header {
+	const maxWhitespace = 1024
+	start, _ := rr.Peek(maxWhitespace + len(armor.Header))
+	if strings.HasPrefix(string(bytes.TrimSpace(start)), armor.Header) {
 		in = armor.NewReader(rr)
 	} else {
 		in = rr

cmd/age/testdata/armor.txt

@@ -0,0 +1,21 @@
+age -d -i key.txt armored_with_leading_and_trailing_whitespace.txt
+stdout test
+
+-- key.txt --
+# created: 2025-12-23T22:21:12+01:00
+# public key: age15w9kgvgggmfra4sz6vk39kz4mveuq2sfv5vmcu090y0k2sluepaqv7z2fv
+AGE-SECRET-KEY-18J6FVYJE2AFSJ0RPH6M29GMUU62UVRSCNWUJZSGETH6R38Q5AZ3S2DHAZ9
+
+-- armored_with_leading_and_trailing_whitespace.txt --
+
+   
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ODhFNHR6RVg0SGVHZFBM
+clBEclEzZ3NvOGhqVE9tcFZnbTc2c3R5a0Q4ClZjVzBLNjdxRElZV3E0Z3ZpZ255
+T3JWTFBHRFA2cytpWWtkeU45dDRadmcKLS0tIHV3L3hOVmJjL0hMRXBQa05lMlRs
+ZW45TndPeE9GcmRNeWFkR3YxeHg0YzQKJBp6KRlFFUE8jbAQUBlcAwaaQcPAflJD
+pWGoOjYP33gTxJHNPg==
+-----END AGE ENCRYPTED FILE-----
+
+   

internal/inspect/inspect.go

@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"strings"
 
 	"filippo.io/age/armor"
 	"filippo.io/age/internal/format"
@@ -38,7 +39,9 @@ func Inspect(r io.Reader, fileSize int64) (*Metadata, error) {
 
 	tr := &trackReader{r: r}
 	br := bufio.NewReader(tr)
-	if start, _ := br.Peek(len(armor.Header)); string(start) == armor.Header {
+	const maxWhitespace = 1024
+	start, _ := br.Peek(maxWhitespace + len(armor.Header))
+	if strings.HasPrefix(string(bytes.TrimSpace(start)), armor.Header) {
 		r = armor.NewReader(br)
 		data.Armor = true
 	} else {