Add WithLimit methods for uncompression #2147

Merged
erikdubbelboer merged 2 commits into master from uncompress-with-limit
Feb 22, 2026

@erikdubbelboer
Collaborator

The current uncompress methods don't enforce a memory limit and are susceptible to things like zip bombs. This pull introduces new methods to retain backwards compatibility. The old methods might be deprecated in the future.

Copilot AI left a comment

Pull request overview

This PR adds new WithLimit APIs for request/response body decompression (gzip/deflate/brotli/zstd) and multipart form parsing, so callers can enforce an upper bound on uncompressed body size to mitigate memory-exhaustion attacks (e.g., zip bombs) while keeping existing methods for backwards compatibility.

Changes:

  • Add Body*WithLimit / BodyUncompressedWithLimit methods and route existing helpers through the new limit-aware paths.
  • Add Request.MultipartFormWithLimit / RequestCtx.MultipartFormWithLimit and clarify Server.FormValueFunc docs for multipart parsing limits.
  • Add shared copyZeroAllocWithLimit helper plus tests covering size-limit enforcement across encodings and multipart gzip bodies.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| http.go | Introduces limit-aware decompression APIs, multipart parsing with limits, and copyZeroAllocWithLimit. |
| compress.go | Refactors gunzip/inflate writers to use internal limit-aware helpers. |
| brotli.go | Refactors brotli decompression writer to use internal limit-aware helper. |
| zstd.go | Refactors zstd decompression writer to use internal limit-aware helper. |
| server.go | Updates docs and exposes RequestCtx.MultipartFormWithLimit to guide safe multipart parsing. |
| http_test.go | Adds tests ensuring ErrBodyTooLarge is returned when uncompressed size exceeds the limit. |
| README.md | Documents MultipartFormWithLimit guidance for untrusted multipart input. |
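
The limit-enforcement idea summarized above, as an added example that is not code from this pull request or from fasthttp: a standard-library gzip decoder that stops inflating once a caller-supplied bound is crossed. The names `gunzipWithLimit`, `gzipZeros` and `errTooLarge` are hypothetical and the sample payload is constructed.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// errTooLarge is a hypothetical sentinel for this example
// (the PR's tests check for ErrBodyTooLarge instead).
var errTooLarge = errors.New("uncompressed body exceeds limit")

// gunzipWithLimit inflates src but never buffers more than limit+1 bytes.
// Reading one byte past the limit distinguishes "exactly limit" from "over limit".
func gunzipWithLimit(src []byte, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(src))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	var out bytes.Buffer
	n, err := io.Copy(&out, io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err // corrupt or truncated stream
	}
	if n > limit {
		return nil, errTooLarge // stop here instead of inflating the rest
	}
	return out.Bytes(), nil
}

// gzipZeros builds a constructed sample: n zero bytes, gzip-compressed.
func gzipZeros(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n)) // writes to a bytes.Buffer cannot fail
	zw.Close()
	return buf.Bytes()
}

func main() {
	big := gzipZeros(8 << 20) // 8 MiB of zeros shrinks to a few KiB on the wire
	_, err := gunzipWithLimit(big, 1<<20)
	fmt.Printf("compressed=%d bytes, limit=1MiB, err=%v\n", len(big), err)
	ok, err := gunzipWithLimit(gzipZeros(1<<20), 1<<20)
	fmt.Printf("exactly at limit: %d bytes, err=%v\n", len(ok), err)
}
```

The bound applies to the uncompressed size, so a request-size limit on the compressed bytes alone does not provide the same protection.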

@erikdubbelboer erikdubbelboer merged commit f0d5d9a into master Feb 22, 2026
11 checks passed
@erikdubbelboer erikdubbelboer deleted the uncompress-with-limit branch March 28, 2026 03:31