Forward maximum image size to decoder plugins

[farindk]

Currently, libheif checks the ispe image size against the security limit. However, this does not catch the case when the ispe content is fake and not matching the encoded image data. We would have to pass the maximum image size to the decoder plugin and in each plugin check the compressed image size before actually starting the decoding. This is only possible if the decoding library supports this.

[farindk]

Security limits are now passed to the plugins (944ac3f92e39bf4f664e08b7515a86f65aa36ad4).

However, this currently only checks the allocation of the output heif_image. Ideally, we should check the image size of the compressed stream before actually starting the decoding.