Add setRequestHeaderSize to restrict incoming request headers

As reported on the mailing list, when NiFi is running in unsecured mode (HTTP), a request can be intercepted (or simply be a malicious request from origin) and have a large request header injected, which can result in Jetty throwing an OutOfMemoryError.

This was reported with reference to the NCM, which indicates a 0.x release. Normal HTTP requests to the API will fail with HTTP response 413 - Request Entity Too Large. Further investigation is needed as this may only be related to cluster operations.

The setRequestHeaderSize method [1] should allow for prevention of this issue.

(IP address redacted)

2017-03-07 03:44:03,522 WARN [NiFi Web Server-22]
o.a.n.c.m.impl.HttpRequestReplicatorImpl Node request for
[id=99a65e79-b856-4e43-9056-1451714498fc, apiAddress=w.x.y.z,
apiPort=38484, socketAddress=w.x.y.z, socketPort=39494,
siteToSiteAddress=w.x.y.z, siteToSitePort=null] encountered
exception: java.util.concurrent.ExecutionException:
java.lang.OutOfMemoryError: Java heap space

[1] http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpConfiguration.html#setRequestHeaderSize-int-