[Rust] configurable size guardrails for untrusted payloads #3409

@chaokunyang

Feature Request

Add configurable deserialization size guardrails in Fory Rust for untrusted payloads.

Is your feature request related to a problem? Please describe

There are currently no configurable limits for payload-driven lengths. Untrusted binary/map/list lengths can trigger large allocations and memory pressure.

Describe the solution you'd like

Add two configurable size limits to Rust deserialization and enforce them in relevant preallocation-sensitive read paths.

Resolve task:

  • Add only two runtime guardrail options: max_binary_size and max_collection_size.
  • Enforce max_collection_size for collection and map reads (map uses entry count).
  • Enforce max_binary_size for binary byte-length reads.
  • Do not add string size checks; string reads are excluded from this requirement.
  • Return/throw a deserialization error when a configured limit is exceeded.

Describe alternatives you've considered

Relying only on process-level memory limits and runtime/allocator behavior. This is late-failing and not protocol-aware.

Additional context

Medium: no configurable size guardrails for untrusted payloads (binary/map/list lengths can drive large allocations).

Related locations:

  • rust/fory-core/src/config.rs:24
  • rust/fory-core/src/serializer/collection.rs:229
  • rust/fory-core/src/serializer/collection.rs:287
  • rust/fory-core/src/serializer/map.rs:549
  • rust/fory-core/src/serializer/map.rs:700
  • rust/fory-core/src/buffer.rs:929
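
The check requested above, as an added example that is not code from the Fory project: a reader that compares each declared length against `max_binary_size` or `max_collection_size` before it allocates. `Limits`, `Reader` and `DeError` are hypothetical names, and the unsigned LEB128 length prefix is an assumption made for the example.

```rust
// Added example: Limits, Reader and DeError are hypothetical names, not Fory's API.
#[derive(Debug, PartialEq)]
pub enum DeError { Truncated, Malformed, BinaryTooLarge(usize), CollectionTooLarge(usize) }
#[derive(Clone, Copy)]
pub struct Limits { pub max_binary_size: usize, pub max_collection_size: usize }
pub struct Reader<'a> { buf: &'a [u8], pos: usize, limits: Limits }

impl<'a> Reader<'a> {
    pub fn new(buf: &'a [u8], limits: Limits) -> Self { Reader { buf, pos: 0, limits } }

    fn read_u8(&mut self) -> Result<u8, DeError> {
        let b = *self.buf.get(self.pos).ok_or(DeError::Truncated)?;
        self.pos += 1;
        Ok(b)
    }

    // Assumed length encoding for this example: unsigned LEB128, at most 5 bytes, u32 range.
    fn read_len(&mut self) -> Result<usize, DeError> {
        let mut value: u64 = 0;
        for shift in (0..35).step_by(7) {
            let b = self.read_u8()?;
            value |= u64::from(b & 0x7f) << shift;
            if b & 0x80 == 0 {
                return if value > 0xffff_ffff { Err(DeError::Malformed) } else { Ok(value as usize) };
            }
        }
        Err(DeError::Malformed)
    }

    pub fn read_binary(&mut self) -> Result<Vec<u8>, DeError> {
        let len = self.read_len()?;
        // Reject the declared length before allocating or copying anything.
        if len > self.limits.max_binary_size { return Err(DeError::BinaryTooLarge(len)); }
        let end = self.pos.checked_add(len).ok_or(DeError::Truncated)?;
        let bytes = self.buf.get(self.pos..end).ok_or(DeError::Truncated)?.to_vec();
        self.pos = end;
        Ok(bytes)
    }

    // List of one-byte elements; a map would check its entry count the same way.
    pub fn read_u8_list(&mut self) -> Result<Vec<u8>, DeError> {
        let count = self.read_len()?;
        if count > self.limits.max_collection_size { return Err(DeError::CollectionTooLarge(count)); }
        let mut out = Vec::with_capacity(count); // preallocation is bounded by the limit
        for _ in 0..count { out.push(self.read_u8()?); }
        Ok(out)
    }
}
fn main() {
    let limits = Limits { max_binary_size: 1 << 20, max_collection_size: 1 << 16 };
    // Constructed payload: a 5-byte length prefix declaring 4 GiB - 1 bytes, with no data behind it.
    println!("{:?}", Reader::new(&[0xff, 0xff, 0xff, 0xff, 0x0f], limits).read_binary());
}
```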
