Check Transaction cardinality at parse time, to limit memory usage

[teor2345]

Motivation

Zebra can use a lot of memory when parsing malicious transactions, but we can use existing consensus rules to limit memory usage at parse time.

We should also Box some of the large Optional data structures, so that memory isn't allocated unless they are actually used. Then we can statically assert that the Transaction, Output, and Spend types aren't too large.

We should make these fixes after the Orchard designs and code (#1886 and #1860) and SafeAllocate (#1920) are implemented.

Solution

• Implement all the above count consensus rules when deserializing transactions (rather than during semantic verification)
  • The Sapling rules are currently implemented in zebra_consensus::transaction::check::has_inputs_and_outputs
• Write tests that assert the SafeAllocate limits for Spend, Output and Action are all less than 2^16 (done in Check nSpendsSapling, nOutputsSapling, and nActionsOrchard 2^16 limit #3069 and Add missing nSpendsSapling limit check #3076)

Alternative Designs

We could Box data structures that are inside Vecs, but that increases memory fragmentation, and doesn't help if the incoming message or block has enough data to fill the Vec.

[teor2345]

Actually Orchard is more important than this local node security fix.

[mpguerra]

Adding this one to Sprint 24 for discussion

[teor2345]

Adding this one to Sprint 24 for discussion

We just did the most important part of this ticket in PRs #3069 and #3076.

But I'm happy to discuss the rest.

[mpguerra]

This is done