[woff2] Avoid allocation bomb.
This is a fix for commit 85167dbd, reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60615
- src/sfnt/sfwoff2.c (MAX_SFNT_SIZE): New macro. (woff2_open_font): Use it to limit the maximum size of an uncompressed WOFF2 font.