CVE-2023-23916: HTTP multi-header compression denial of service

Disclosed: 2023-02-20 09:44:00 By monnerat To curl
Medium
Vulnerability Details
## Summary:

A server can send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers. Each listed encoding allocates a buffer. The number of encodings listed within each header is already bounded but the number of headers is not, allowing an HTTP response to consume all available memory.

## Steps To Reproduce:

Using the curl test environment:

1. Extract test418 from the attached patch
2. runtests.pl 418

## Supporting Material/References:

Patch fixing the problem and new test for the case.

## Impact

Denial of service.
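The difference between the two bounding strategies the summary contrasts (a limit applied to each header in isolation versus a limit applied to the running total across all headers) is easiest to see side by side. The following is an added example written for this page; it is neither curl's code nor the reporter's attached patch. It assumes a small limit of 5 in both variants and walks a constructed list of response header lines, returning the number of decoder buffers that would be allocated, or -1 when the bound is exceeded.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not curl's code. Both limits are assumed values
 * chosen for the example, not curl's actual constants. */
#define MAX_ENCODINGS_PER_HEADER 5
#define MAX_ENCODINGS_TOTAL 5

/* Case-insensitive match of "Name:" at the start of a header line. On
 * success, *value points at the first non-blank byte after the colon. */
static int header_is(const char *line, const char *name, const char **value)
{
    size_t i;
    for (i = 0; name[i]; i++) {
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0; /* also stops safely if the line is shorter than name */
    }
    if (line[i] != ':')
        return 0;
    i++;
    while (line[i] == ' ' || line[i] == '\t')
        i++;
    *value = line + i;
    return 1;
}

/* Count comma-separated, non-empty tokens in a header value; each token
 * stands for one encoding, i.e. one decoder buffer to allocate. */
static size_t count_tokens(const char *value)
{
    size_t count = 0;
    const char *p = value;
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == ',')
            p++;
        if (!*p)
            break;
        count++;
        while (*p && *p != ',')
            p++;
    }
    return count;
}

static int is_encoding_header(const char *line, const char **value)
{
    return header_is(line, "Transfer-Encoding", value) ||
           header_is(line, "Content-Encoding", value);
}

/* Pre-fix logic: each header is checked on its own, so the running total
 * of allocations grows with the number of headers and is never capped. */
long stack_depth_per_header_bound(const char *const *headers, size_t nheaders)
{
    long total = 0;
    for (size_t h = 0; h < nheaders; h++) {
        const char *value;
        if (!is_encoding_header(headers[h], &value))
            continue;
        size_t n = count_tokens(value);
        if (n > MAX_ENCODINGS_PER_HEADER)
            return -1;
        total += (long)n;
    }
    return total;
}

/* Fixed logic: the bound applies to the total across all headers, so the
 * number of allocations is capped however many headers the response has. */
long stack_depth_total_bound(const char *const *headers, size_t nheaders)
{
    long total = 0;
    for (size_t h = 0; h < nheaders; h++) {
        const char *value;
        if (!is_encoding_header(headers[h], &value))
            continue;
        total += (long)count_tokens(value);
        if (total > MAX_ENCODINGS_TOTAL)
            return -1;
    }
    return total;
}

/* Constructed sample header lines (not captured traffic). */
const char *const SAMPLE_NORMAL[] = {
    "Content-Type: text/html",
    "Content-Encoding: gzip",
    "Transfer-Encoding: chunked",
};
const size_t SAMPLE_NORMAL_LEN = 3;

/* Every header is within the per-header limit, but together they exceed
 * the total limit: the shape of response the report describes. */
const char *const SAMPLE_REPEATED[] = {
    "Content-Encoding: gzip, deflate",
    "Content-Encoding: gzip, deflate",
    "Content-Encoding: gzip, deflate",
    "Transfer-Encoding: gzip, chunked",
};
const size_t SAMPLE_REPEATED_LEN = 4;

int main(void)
{
    printf("normal:   per-header %ld, total %ld\n",
           stack_depth_per_header_bound(SAMPLE_NORMAL, SAMPLE_NORMAL_LEN),
           stack_depth_total_bound(SAMPLE_NORMAL, SAMPLE_NORMAL_LEN));
    printf("repeated: per-header %ld, total %ld\n",
           stack_depth_per_header_bound(SAMPLE_REPEATED, SAMPLE_REPEATED_LEN),
           stack_depth_total_bound(SAMPLE_REPEATED, SAMPLE_REPEATED_LEN));
    return 0;
}
```

For the repeated sample the per-header variant happily reports 8 allocations, while the total-bound variant rejects the response once the running count passes the limit; a client that keeps the counter in per-header scope rather than per-response scope has exactly the gap the summary describes.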
Report Stats
  • Report ID: 1826048
  • State: Closed
  • Substate: resolved
  • Upvotes: 16