Closed
Description
Currently, this project does not implement any timeouts whatsoever.
Depending on a number of factors, a malicious client may be able to consume all open sockets and/or available bandwidth, so that no legitimate client may be able to use this server anymore.
As such, it's probably safer to deploy this behind a reverse proxy such as nginx or haproxy if you want to open this to a broader public (aka the internet).
This ticket aims to serve as a base to discuss, evaluate and subsequently implement reasonable limits so that this is no longer needed.
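The reverse-proxy workaround mentioned in the description, sketched as an nginx configuration. This is an added example, not part of the ticket or the project; the backend address `127.0.0.1:8080` and every numeric limit are assumptions to be tuned per deployment.

```nginx
# Constructed example: backend address and all limit values are assumptions.
events {
    worker_connections 1024;            # upper bound on sockets per worker
}

http {
    # Shared-memory zones keyed by client address, used by the limits below.
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;
    limit_req_zone  $binary_remote_addr zone=req_per_ip:10m rate=10r/s;

    server {
        listen 80;

        # Drop clients that send headers or body too slowly (slow-request style
        # socket exhaustion), or that stop reading the response.
        client_header_timeout 10s;
        client_body_timeout   10s;
        send_timeout          10s;
        keepalive_timeout     15s;      # idle keep-alive sockets are closed

        client_max_body_size  1m;       # reject oversized uploads early

        # Cap concurrent connections and request rate per client address.
        limit_conn conn_per_ip 20;
        limit_req  zone=req_per_ip burst=20 nodelay;

        # Cap response bandwidth per connection (bytes per second).
        limit_rate 512k;

        location / {
            proxy_pass http://127.0.0.1:8080;   # assumed backend address

            # nginx buffers the full request before contacting the backend
            # (this is the default), so slow clients never hold a backend socket.
            proxy_request_buffering on;

            # Bound how long nginx waits on the backend itself.
            proxy_connect_timeout 5s;
            proxy_read_timeout    30s;
            proxy_send_timeout    30s;
        }
    }
}
```

For these limits to hold, the backend should listen only on the loopback address so that clients cannot reach it without going through the proxy.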