• greatly expand the SECURITY IMPLICATIONS and similar sections.
  
• new constructor new_safe, to create a secure CBOR::XS object.
  
• new option forbid_objects, to disallow serialisation.
  
• new CBOR::XS::safe_filter functionality.
  
• fix a crash when decoding a cyclic data structure using
  stringref/pack_strings when allow_cycles is disabled.
  
• fix a crash when decoding hash keys with length >= 2**31.
  
• avoid unreasonably long decoding times for certain
  types of (corrupt) cbor texts.
  
• support arrays and hashes with >= 2**31 members.
  
• avoid overflow on pointer arithmetic when checking whether enough
  data is available.
  
• fix a memory leak that occured when decoding failed while decoding
  a tagged value.
  
• do not leak the partially constructed result when stringifying
  a hash key throws an exception.
  
• various code size and efficiency optimizations (reduced code
  from 42 to 40kB on my system, despite the new features).