Fix OSS-Fuzz #508342856: cap Content-Length reservation by payload_max_length_

A malicious or malformed server response with an enormous Content-Length
header (e.g. 20000000000) caused the client to call res.body.reserve(len)
with the untrusted value, triggering OOM before read_content's
payload_max_length_ check could take effect. Cap the pre-reservation
at payload_max_length_, since reading more than that is never useful.
yhirose
2026-05-01 21:28:57 +09:00
parent cae753425e
commit 2d2efe46da
3 changed files with 87 additions and 1 deletions

@@ -0,0 +1,3 @@
HTTP/1.1 777
Content-Length:20000000000
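Review bot: the seed pins a single value far past any plausible limit (Content-Length:20000000000), so it shows the allocation no longer runs away but not that the reservation is clamped at payload_max_length_ itself. Consider adding a second seed or a unit test with a Content-Length just above payload_max_length_, plus one whose value does not fit in 64 bits, and asserting that the request fails cleanly instead of only that it does not crash. If the 777 status code and the missing space after the colon are kept verbatim from the fuzzer, a line in the commit message saying so would help later readers of this corpus file.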