http: adding response flood protection (#113)

[PiotrSikora]

This is similar to the http2 frame protection, but rather than try to
guard
[header block || last body bytes || last chunk in chunk encoding ||
trailer block]
depending on end stream, which just gets messy, I opted to just add an
empty reference counted fragment after the body was serialized, which
appears to work just as well with a small theoretical overhead. If
folks think the complexity is warranted I can of course do that instead.

Risk Level: Medium
Testing: new unit tests, integration test
Docs Changes: stats documented
Release Notes: added

Signed-off-by: Alyssa Wilk alyssar@chromium.org

[googlebot]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[googlebot]

A Googler has manually verified that the CLAs look good.

(Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.)

ℹ️ Googlers: Go here for more info.