* Extract shared DnsTestHelper from duplicated stub_dns_resolution methods
* Fix flaky WebTest by stubbing DNS resolution for push subscription creation
This addresses a DoS vulnerability where the response might be massive
leading to OOM errors, as the response is read in full in memory by
default.
To prevent this, we need to read the body in chunks, checking the
size of the chunks we've read and raising if we go over a certain limit.
I've set the limit to 100 KB because the responses to these requests
should be fairly small or even empty, and we only care about the status
code in the end.
- `bin/setup` installs gitleaks
- add `gitleaks dir` command to CI
- configure gitleaks to ignore tmp, log, and encrypted files
- tag existing false positives with `gitleaks:allow`
- add historical false positives to the ignore list