Validate chunk size in Chunked Encoding are HEXDIG

RFC7230 states that a chunk-size should be 1*HEXDIG, this is now
validated before passing the resulting string to int() which would also
parse other formats for hex, such as: `0x01` as `1` and `+0x01` as `1`.
This would lead to a potential for a frontend proxy server and waitress
to disagree on where a chunk started and ended, thereby potentially
leading to request smuggling.

With the increased validation if the size is not just hex digits,
Waitress now returns a Bad Request and stops processing the request.
3 files changed