security: fix CVE-2023-39326 [1.20 backport]

[gopherbot]

@rolandshoemaker requested issue #64433 to be considered for backport to the next 1.20 minor release.

@gopherbot please open backport issues.

[gopherbot]

Change https://go.dev/cl/547355 mentions this issue: [release-branch.go1.20] net/http: limit chunked data overhead

[gopherbot]

Closed by merging 6446af9 to release-branch.go1.20.