Limit size of manifest

[AdamKorcz]

This adds a limit to the size of manifest that can get pulled.

Since the manifest is untrusted, this imposes a security risk to go-containerregistry users; If the size of the manifest is excessive compared to the ressources available on the machine running go-containerregistry, then a large manifest could cause Denial of Service by exhausting the memory of the machine.

[codecov-commenter]

Codecov Report

Merging #1711 (bb4c98e) into main (e61c519) will decrease coverage by 0.05%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1711      +/-   ##
==========================================
- Coverage   72.20%   72.16%   -0.05%     
==========================================
  Files         121      121              
  Lines        9720     9720              
==========================================
- Hits         7018     7014       -4     
- Misses       2028     2030       +2     
- Partials      674      676       +2     

Impacted Files	Coverage Δ
pkg/v1/remote/fetcher.go	74.50% <100.00%> (ø)

... and 1 file with indirect coverage changes

[jonjohnsonjr]

We should probably make this configurable, but 100mb should be way higher than anything would reasonably hit, so I think it's fine to merge as is.

[jonjohnsonjr]

We should probably make this configurable, but 100mb should be way higher than anything would reasonably hit, so I think it's fine to merge as is.