Merge commit from fork

Add configurable resource limits to prevent potential DoS vectors
via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers.

New configuration plugins:
- grpc_server: configure max_streams, max_connections
- https: configure max_connections
- https3: configure max_streams

Changes:
- Use netutil.LimitListener for connection limiting
- Use gRPC MaxConcurrentStreams and message size limits
- Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting
- Set secure defaults: 256 max streams, 200 max connections
- Setting any limit to 0 means unbounded/fallback to previous impl

Defaults are applied automatically when plugins are omitted from
config.

Includes tests and integration tests.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>

plugin/https/README.md

@@ -0,0 +1,47 @@
+# https
+
+## Name
+
+*https* - configures DNS-over-HTTPS (DoH) server options.
+
+## Description
+
+The *https* plugin allows you to configure parameters for the DNS-over-HTTPS (DoH) server to fine-tune the security posture and performance of the server.
+
+This plugin can only be used once per HTTPS listener block.
+
+## Syntax
+
+```txt
+https {
+    max_connections POSITIVE_INTEGER
+}
+```
+
+* `max_connections` limits the number of concurrent TCP connections to the HTTPS server. The default value is 200 if not specified. Set to 0 for unbounded.
+
+## Examples
+
+Set custom limits for maximum connections:
+
+```
+https://.:443 {
+    tls cert.pem key.pem
+    https {
+        max_connections 100
+    }
+    whoami
+}
+```
+
+Set values to 0 for unbounded, matching CoreDNS behaviour before v1.14.0:
+
+```
+https://.:443 {
+    tls cert.pem key.pem
+    https {
+        max_connections 0
+    }
+    whoami
+}
+```