Only buffer up to 512 KiB of pending CRYPTO frames [#501].

[rthalley]

Address #501 by limiting the size required to buffer pending CRYPTO frames to 512 KiB. I picked this size based on it being big enough for post-quantum crypto, but still not very big. The limit applies to the amount of storage we need to allocate, not the size of inbound fragments, so e.g. a bunch of small fragment around the 512 KiB offset would still trigger as we use a contiguous buffer and the required size would exceed the limit.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (b507364) to head (c5aef28).

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #505   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           25        25           
  Lines         4987      4993    +6     
=========================================
+ Hits          4987      4993    +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rthalley]

Note that the codespell check seems confused; it's complaining about a test function name "assertIn" in code I didn't change, and is just confused. When I run codespell locally, I don't see it. I see there is some issue with the openssl vendoring too, though again not related to this PR.

[jlaine]

Maybe add a comment stating this is a number of bytes?

[jlaine]

If you rebase on top of main the CI errors should be fixed. Once CI is green feel free to merge, thanks!