program: safe deserialize config keys

[buffalojoec]

Problem

Working with the Firedancer conformance suite revealed a relatively inconsequential control flow mismatch between the BPF version of the Config program and its original builtin version.

The limited_deserialize function is designed to stop deserialization at some input buffer length cap, but it does not limit memory allocations as a result of some deserialized vector length. In the case of ConfigKeys, a very large ShortU16 length value could be provided to the program's input, forcing the deserialization step to allocate space for a massive vector of (Pubkey, bool), exhausting the BPF program's heap.

The program would still fail, but the error would be different between the builtin and BPF versions. To ensure maximum backwards compatibility, and to give developers a more proper error code, the BPF program's deserialization needs an additional check for allocation size.

Summary of Changes

Add a check for the provided ShortU16 vector length to the program's input deserialization, to catch any would-be large vector allocations before causing an OOM.

[joncinque]

The change looks good! Just a few little things

[joncinque]

Is the extra check that expensive? Why are all the CU numbers so much higher? Or is it a new toolchain?

[buffalojoec]

I'm not sure why CUs changed so much, or why the change isn't constant, but I've built this branch with CLI v2.0.2 as declared in the workspace manifest. I cannot guarantee I've always built with v2.0.2 though...

[joncinque]

Looks great!