WebSocketServerExtensionHandler ignore client_max_window_bits parameters

[skyguard1]

In PerMessageDeflateServerExtensionHandshaker ignores the client_max_window_bits parameter,

 if (CLIENT_MAX_WINDOW.equalsIgnoreCase(parameter. getKey())) {
// use preferred clientWindowSize because client is compatible with customization
clientWindowSize = preferredClientWindowSize;
} 

just use the preferredClientWindowSize. And in PerMessageDeflateClientExtensionHandshaker uses Integer.parseInt() parsing client_max_window_bits parameters

clientWindowSize = Integer.parseInt(parameter.getValue());
if (clientWindowSize > MAX_WINDOW_SIZE || clientWindowSize < MIN_WINDOW_SIZE) {
succeed = false;
}

, But in the https://datatracker.ietf.org/doc/html/rfc7692#section-7.1.2 write

A client MAY include the "client_max_window_bits" extension parameter
in an extension negotiation offer.  This parameter has no value or a
decimal integer value without leading zeroes between 8 to 15.

So a NumberFormatException might be thrown here. I don't know why PerMessageDeflateClientExtensionHandshaker can parse server_max_window_bits but in PerMessageDeflateServerExtensionHandshaker the client_max_window_bits were ignored. I can not found this in the rfc document. I think we need to fix this

[nikitanagar08]

I've implemented a fix for this issue. PR #16424 is now open for review.

The fix addresses:

• Server-side: Parse client_max_window_bits value when present, otherwise use preferred client window size
• Client-side: Handle null value gracefully to avoid NumberFormatException

Tests added for both scenarios.

[nikitanagar08]

I've implemented a fix for this issue. PR #16424 is now open for review. The fix addresses both the server-side parsing and client-side null value handling as described in the RFC 7692 spec.