
Zstd Fixed Memory Exhaustion Vulnerability In Zstd Decompressor

changelogs/current/bug_fixes/zstd__fixed-memory-exhaustion-vulnerability-in-zstd-decompressor.rst

1.38.3562 B

Fix: `CVE-2026-48044 <https://github.com/envoyproxy/envoy/security/advisories/GHSA-m3p9-47wh-88wg>`_

Fixed a memory exhaustion vulnerability in the Zstd decompressor where the MaxInflateRatio limit was only checked after each input slice was fully processed, allowing a maliciously crafted compressed payload to expand to hundreds of MB within a single process() call. The inflate ratio limit is now enforced inside the inner decompression loop, matching the gzip and brotli decompressors and aborting decompression as soon as the threshold is breached.
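The difference between the two check placements described above, as an added illustration that is not Envoy's code: libzstd is replaced by a constructed toy run-length codec (each input byte ``b`` decodes to ``b`` copies of ``x``, emitted at most 64 bytes per step, like a fixed-size output buffer), and the names ``ToyStream``, ``decompressCheckedAfterSlice`` and ``decompressCheckedInLoop`` are hypothetical. The "before" variant evaluates the inflate ratio only once the slice has been fully consumed, so the whole expansion is already resident in memory; the "after" variant re-evaluates it on every iteration of the inner loop against the input consumed so far and stops at the first breach.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-in for a streaming decompressor (not libzstd): each input
// byte b decodes to b copies of 'x'. Output is produced at most kChunk bytes
// per step(), mimicking a fixed-size output buffer filled per call.
constexpr size_t kChunk = 64;

struct ToyStream {
  const std::vector<uint8_t>* src = nullptr;
  size_t pos = 0;      // input bytes consumed so far (the "input position")
  size_t pending = 0;  // output bytes still owed for the current input byte

  // One decompression step: consume the next input byte if nothing is
  // pending, then emit up to kChunk output bytes into `out`.
  void step(std::string& out) {
    if (pending == 0 && pos < src->size()) {
      pending = (*src)[pos++];
    }
    size_t n = std::min(pending, kChunk);
    out.append(n, 'x');
    pending -= n;
  }
  bool done() const { return pos >= src->size() && pending == 0; }
};

struct Result {
  bool aborted;        // true when the inflate-ratio limit fired
  size_t peak_output;  // bytes held in memory when the call returned
};

// BEFORE (vulnerable pattern): the ratio is evaluated only after the whole
// input slice has been processed, so a hostile slice expands completely
// before the limit is ever consulted.
Result decompressCheckedAfterSlice(const std::vector<uint8_t>& slice,
                                   size_t max_inflate_ratio) {
  ToyStream s;
  s.src = &slice;
  std::string out;
  while (!s.done()) {
    s.step(out);
  }
  bool over = out.size() > max_inflate_ratio * slice.size();
  return {over, out.size()};
}

// AFTER (hardened pattern): the ratio is checked inside the inner loop, on
// every step, against the input consumed so far; decompression aborts as
// soon as the threshold is breached, bounding the memory held at any time.
Result decompressCheckedInLoop(const std::vector<uint8_t>& slice,
                               size_t max_inflate_ratio) {
  ToyStream s;
  s.src = &slice;
  std::string out;
  while (!s.done()) {
    s.step(out);
    if (out.size() > max_inflate_ratio * s.pos) {
      return {true, out.size()};
    }
  }
  return {false, out.size()};
}

int main() {
  // Constructed inputs: 4 bytes of 0xFF expand 255x; 8 bytes of 50 expand 50x.
  std::vector<uint8_t> hostile(4, 255);
  std::vector<uint8_t> benign(8, 50);
  const size_t max_ratio = 100;

  Result before = decompressCheckedAfterSlice(hostile, max_ratio);
  Result after = decompressCheckedInLoop(hostile, max_ratio);
  std::cout << "checked after slice: aborted=" << before.aborted
            << " peak_output=" << before.peak_output << "\n";
  std::cout << "checked in loop:     aborted=" << after.aborted
            << " peak_output=" << after.peak_output << "\n";
  std::cout << "benign input in loop: aborted="
            << decompressCheckedInLoop(benign, max_ratio).aborted << "\n";
  return 0;
}
```

Both variants reject the hostile slice, but only the in-loop check does so before the slice has been expanded in full; with real frames, where a few input bytes can stand for megabytes of output, that gap is the difference between a bounded allocation and the memory exhaustion the advisory describes.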