enforce canonical encoding and MAX_SIZE in VarIntSerializer

[dgpv]

core.serialize.VarIntSerializer now checks for value bounds of deserialized
compact size integer. If it enconters non-canonical encoding, or the size
bigger than MAX_SIZE (0x02000000) it throws DeserializationValueBoundsError

I just noticed that VarIntSerializer.stream_deserialize() is not in line with current Core's ReadCompactSize(). It does not check for MAX_SIZE (the check that was there from the start, I think), and it also does not check for the encodings to be canonical (if the encoding is of 3-byte length, it should not contain value less than 0xFD, etc) - the constraint added in 2013.

This patch adds the checks and the new exception, DeserializationValueBoundsError.

Tests now do not try to validate non-canonical encodings, but check that non-canoncial encodings throw the appropriate exception.

[dgpv]

the use of int() may be a problem on python2, but as far as I remember, python-bitcoinlib is announced to be python3-only from the next release.

[petertodd]

Yeah, writing py3-only code is fine now.

Is there anything else you'd do if this pull-req was py3-only?

[dgpv]

Is there anything else you'd do if this pull-req was py3-only?

No, this code was ported from python-bitcointx, which is py3-only from the start.