job-list: limit constraint comparisons to avoid DoS

[chu11]

Problem: Job-list constraints are not limited in their size. A nefarious user could cause a DoS of the job-list service by sending an extremely large constraint request.

Solution: Set a reasonable max on constraint sizes. The maximum length a constraint array can be is 256 elements and the maximum recursive depth (via and/or/not operators) is set to 16.

Add unit tests.

Fixes #5669

---

This was something I came up with ... good idea? bad idea? the limit sizes ok?