rasterio / rasterio-wheels

MIT License

WebP vulnerability #109

Closed sgillies closed 11 months ago

sgillies commented 1 year ago

From https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

Rasterio isn't necessarily exposed to malevolent webp files like a browser is, but some folks use webp tiles in COGs and presumably a poison COG could be exploitable. We should update to libwebp 1.3.2 soon.

cc @vincentsarago
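An added example, not code from this issue or from rasterio-wheels: a dependency-free way to tell whether a GeoTIFF/COG stores WebP-compressed tiles (the case that routes tile decoding through libwebp) by walking the TIFF IFD chain and reading the Compression tag of the base image and each overview. Function names and the constructed sample file are assumptions; the tag and code values are standard libtiff/GDAL ones.

```python
import struct

TAG_COMPRESSION = 259      # TIFF Compression tag
WEBP_COMPRESSION = 50001   # libtiff/GDAL code for WebP-compressed tiles


def tiff_compressions(data: bytes) -> list:
    """Return the Compression code of every IFD (base image plus chained
    overviews) in a classic TIFF. BigTIFF (magic 43) is rejected, not misread."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None or len(data) < 8:
        raise ValueError("not a TIFF: bad header")
    magic, ifd_offset = struct.unpack(order + "HI", data[2:8])
    if magic == 43:
        raise ValueError("BigTIFF is not handled by this checker")
    if magic != 42:
        raise ValueError("not a TIFF: bad magic number")
    codes, seen = [], set()
    while ifd_offset and ifd_offset not in seen:  # guard against IFD loops
        seen.add(ifd_offset)
        (n_entries,) = struct.unpack(order + "H", data[ifd_offset:ifd_offset + 2])
        code, pos = 1, ifd_offset + 2  # TIFF default is 1 (uncompressed)
        for _ in range(n_entries):
            tag, typ, count = struct.unpack(order + "HHI", data[pos:pos + 8])
            if tag == TAG_COMPRESSION and typ == 3 and count == 1:
                # a single SHORT is left-justified in the 4-byte value field
                (code,) = struct.unpack(order + "H", data[pos + 8:pos + 10])
            pos += 12
        codes.append(code)
        (ifd_offset,) = struct.unpack(order + "I", data[pos:pos + 4])
    return codes


def uses_webp(data: bytes) -> bool:
    """True if any IFD of the file would hand tile data to libwebp."""
    return WEBP_COMPRESSION in tiff_compressions(data)


def make_tiff(codes, order="<") -> bytes:
    """Constructed sample (not a real COG): a classic TIFF whose IFD chain
    carries one Compression entry per code, with no pixel data at all."""
    out = bytearray(b"II" if order == "<" else b"MM")
    out += struct.pack(order + "HI", 42, 8)
    for i, code in enumerate(codes):
        next_ifd = len(out) + 18 if i + 1 < len(codes) else 0
        out += struct.pack(order + "H", 1)  # one directory entry
        out += struct.pack(order + "HHIH", TAG_COMPRESSION, 3, 1, code) + b"\0\0"
        out += struct.pack(order + "I", next_ifd)
    return bytes(out)
```

Run `uses_webp(open("tile.tif", "rb").read())` over a tile store to find which COGs would exercise libwebp; a truncated file raises `struct.error`, which is the intended signal that the file is not worth opening.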

sgillies commented 1 year ago

I thought this would be a quick fix. Instead, I found out that the GitHub and Cirrus CI runners have all changed enough since the 1.3.8 builds such that 1) GDAL 3.6.4 doesn't compile (on intel mac using the 10.15 SDK), or 2) there's a PROJ/GDAL segmentation fault on Linux, Windows, and arm64 macos. Looks like several days work to sort this out, which I won't have until October.

sgillies commented 11 months ago

Making some slow progress in https://github.com/rasterio/rasterio-wheels/pull/110, which will also fix https://github.com/rasterio/rasterio-wheels/issues/111.