Blob resolver: properly validate blob size

The current remote blob fetch resolver relies entirely on the Content-Length header being truthful, which a malicious PDS could forge to be an inaccurate size which the server would blindly trust. It would be a good idea security-wise to validate the size of the blob as it is fetched by the appview and abort a fetch if it grows too large.

Relevant snippet: https://tangled.org/juprodh.bsky.social/lichen.wiki/blob/main/src/server/routes/blob.ts#L169-172