Compression methods do uncapped allocations

[johannesvollmer]

Description

The expected_byte_size passed to a decompression method sometimes directly allocated the specified amount of memory. The expected size is based on information in the file and could be forged to be very large, possibly resulting in denial-of-service attacs. The compression methods should allocate no more than X bytes at one time.

[johannesvollmer]

Also, use miniz_oxide *_with_limit functions