First pass at adding iteration limits to the extension algorithm.

[garretrieger]

I've introduced two mechanisms to limit the number of iterations that can be made in the extension algorithm (to prevent malformed/bad fonts from causing an excessive or infinite number of iterations):

1. Added text to prevent re-loading the same patch url multiple times (this prevents a case where a patch that does nothing is applied over and over again).
2. Introduced iteration limits:

• Limited the number of partial/full invalidation patch loads to 100, this limit is lower because these patches have to be loaded and applied serially.
• Limited the total number of patch applications of any type to 2000. This limit is higher since No Invalidation patches will loaded and applied in parallel.

The specific numeric limits are a first pass and I'm open to discussion on what would be good values for these limits.

---

Preview | Diff

[garretrieger]

Useful to have these limits to prevent Denial of Service attacks from carefully-crafted fonts. So this should perhaps be called out in the Security section? But that can easily be a separate PR, no need to hold this one up.

Good idea, that would definitely be good to discuss there.