net/http: close connections when receiving too many headers (CVE-2023-45288) [1.22 backport]

[gopherbot]

@rolandshoemaker requested issue #65051 to be considered for backport to the next 1.22 minor release.

@gopherbot please open backport issues.

Edit: Corrected issue reference (#66297 -> #65051)

[gopherbot]

Change https://go.dev/cl/576076 mentions this issue: [release-branch.go1.22] net/http: update bundled golang.org/x/net/http2

[gopherbot]

Closed by merging e55d7cf to release-branch.go1.22.

[gopherbot]

Change https://go.dev/cl/576255 mentions this issue: [release-branch.go1.22] all: tidy dependency versioning after release