praefect: Read line-by-line in track-repositories
When parsing invalid input json.Decoder
may go into an infinite loop
and consume an unbounded amount of memory. Admins who accidentally pass
a badly formatted file to track-repositories
are at risk of
accidentally triggering OOM kills as a result.
To mitigate this risk, let's read the input line-by-line and then attempt to unmarshall it, which will gracefully fail on invalid JSON. This does prevent us from checking for unexpected fields in the input, but so long as the expected fields are present extra data isn't a problem.