
🐛 bug: apply limits to msgp serialization#4067

Closed
Copilot wants to merge 1 commit into add-msgp-limits-to-generated-sources from copilot/sub-pr-4065

Conversation

Contributor

Copilot AI commented Feb 8, 2026

Description

Prevent msgp limit tags from unnecessarily constraining cache and idempotency payloads whose sizes are governed by storage policy rather than serializer limits. Keep per-field caps for headers and other small fields to protect against unbounded memory usage during deserialization. Regenerate msgp outputs so runtime decoding enforces the intended limits and fails fast on malicious inputs.

Changes introduced

  • Cache & Idempotency: Removed global msgp body size caps for cache.item.body and idempotency.response.Body, deferring body-size enforcement to storage policy while retaining field-level limits for headers and metadata fields.
  • Per-field limits: Increased header/map array caps (e.g., Headers) to 1024 and tightened per-field byte limits for ctype, cencoding, cacheControl, expires, etag, and header key/value sizes.
  • Redirect limits: Added //msgp:limit arrays:256 maps:32 marshal:true for cookie-based redirect payloads (constrained by ~4KB cookie limits).
  • Code generation: Regenerated *_msgp.go files to include size-constant checks, ReadBytesLimit/ReadBytesHeader variants, and explicit msgp.ErrLimitExceeded checks.
  • Linting: Added //nolint:revive annotations where msgp tags on unexported fields require linter exceptions.

No additional limits needed for csrf (empty struct), limiter (fixed-size primitives only), or session (msgp-ignored).

  • Benchmarks: No performance impact expected; limits only affect edge cases with malicious payloads.
  • Documentation Update: N/A - internal serialization implementation.
  • Changelog/What's New: N/A - security hardening, not user-facing.
  • Migration Guide: N/A - transparent to users.
  • API Alignment with Express: N/A
  • API Longevity: N/A
  • Examples: N/A

Type of change

  • Code consistency (non-breaking change which improves code reliability and robustness)

Checklist

  • Followed the inspiration of the Express.js framework for new functionalities, making them similar in usage.
  • Conducted a self-review of the code and provided comments for complex or critical parts.
  • Updated the documentation in the /docs/ directory for Fiber's documentation.
  • Added or updated unit tests to validate the effectiveness of the changes or new features.
  • Ensured that new and existing unit tests pass locally with the changes.
  • Verified that any new dependencies are essential and have been agreed upon by the maintainers/community.
  • Aimed for optimal performance with minimal allocations in the new code.
  • Provided benchmarks for the new code to analyze and improve upon.


Copilot AI assigned Copilot and gaby Feb 8, 2026
Copilot AI changed the title from "[WIP] Fix limits applied to msgp serialization" to "🐛 bug: apply limits to msgp serialization" Feb 8, 2026
Copilot AI requested a review from gaby February 8, 2026 18:14
@gaby gaby closed this Feb 8, 2026
@gaby gaby deleted the copilot/sub-pr-4065 branch February 8, 2026 18:38