• [HTTP3] Verify number of bytes in incoming DATA frames against content-length.
• [HTTP3] Stop issuing streams credits if peer stops opening QPACK decoder window. This addresses a potential attack whereby client can cause the server to keep allocating memory. See Security Considerations in the QPACK draft.
• [BUGFIX] Mini conn: don't shorten max packet size for Q050 and later.
• [BUGFIX] Init IETF connection flow controller using correct setting.
• [BUGFIX] Fix unintended sign extension when removing header protection.
• Code cleanup and minor fixes.