Security: restore previous default limits prior to commit 2374ade

[lovell]

Commit 2374ade allows security limits to be set per context but also removed/altered a couple of the original limits. Removing the max_iloc_items limit opens libheif to a denial of service attack. This PR restores the previous defaults.

[farindk]

You are right that we should have some limits there by default.

The reason for changing those numbers was that while experimenting with large tiled images, I often hit those limitations. Now I think that these limits should be computed differently. For example, the max_children_per_box should probably depend on the parent box.

Since setting the limits has been opened to the user, we might express them in simpler terms. It's probably not easy to see what a max_iloc_items does. If we can compute this from something like max_images_in_file it might be easier to understand and control by the user.

[lovell]

Thanks Dirk, I agree the defaults can be improved, this PR is attempting only to restore the previous defaults to reduce the noise levels we've been experiencing from libvips fuzz tests over the last couple of days.