Request body limiting

[m4tx]

Since we now support uploading files, it's especially important from the security perspective to limit the request body to avoid out-of-memory errors, Denial-of-Service attacks, and similar problems.

The limit should most probably be implemented globally and configurable via the TOML config. When the limit is exceeded in debug mode, a nice error saying that "the max request body size has been exceeded; you might need to increase the X config to avoid this". When the debug mode is off, a regular HTTP 413 Content Too Large should be displayed - this should go through the project's error handler, if any was set.

[xerion12]

hey @m4tx, especially with file uploads now supported. i’ve worked before on implementing request body / payload size limits in rust web frameworks like axum and actix, including configurable limits and graceful 413 handling. i’d be happy to help design or implement the global limit here, maybe using the config-driven approach you mentioned, with a clean error path for debug vs release.