Web API: /known: add a length limit to the list of accepted PID

The /known endpoint takes as input a list of PIDs. To avoid abusing the DB backend (no matter how much data the web server will accept) we should put a limit on how many PIDs are accepted. There should be a default, and it should be overridable at the webapp configuration level.

A reasonable default to begin with is probably 1'000 PIDs (one PID is 50 character long, so that's about 50 KiB + json list terminators).

(no need to check the limit in a streaming fashion, we will delegate that part to varnish: swh/infra/sysadm-environment#2277)

---

Migrated from T2276 (view on Phabricator)