Allow users to constrain the size of values

[tgregg]

In version 2.15, Jackson is introducing StreamReadConstraints to allow users to avoid parsing string and integer values that exceed the configured length.

ion-java should consider allowing users to similarly configure maximum value sizes. This would help resource-constrained use cases and help protect against potentially-malicious input. It would allow Jackson to support the StreamReadConstraints feature over Ion data.

ion-java's incremental reader supports a feature similar to this via BufferConfiguration, allowing the user to specify the maximum size of the reader's internal buffer, which is used to buffer top-level values. In this way, users can protect against unbounded buffer growth, but only at the top level, and without being able to set different limits for different data types, and only for binary Ion data.

See FasterXML/jackson-dataformats-binary#358

[pjfanning]

In jackson 2.16 (when released), there will also be a limit on the size of the object names. 50,000 chars or bytes depending on the input context.