Audit WASIp3 implementation for resource exhaustion

[alexcrichton]

#12652 audited all of WASIp{1,2}, but given that WASIp3 is not covered by out security policy yet (it's off-by-default) it was not audited in the interest of time. We should, however, go through all of WASIp3's APIs and implementations to audit for any resource exhaustion vectors.

[dicej]

Is this a duplicate of #11552, or does this supersede that issue?

[alexcrichton]

Similar, but separate I think. I'll comment some more on that issue, but for example WASIp3's implementation of get-random-bytes needs some sort of limit in place. Additionally we should audit stream/future implementations to ensure a guest can't accidentally force a host to buffer huge amounts of memory (things like that). #11552 is still good to address, notably making the current limit added configurable.