Set stricter resource limits for `graphicsmagick` - NO CHANGELOG
This is an experimental, unreleased feature.
We currently invoke `gm` without any specified limits. For reasons of service availability and security we should probably constrain resource usage more.
In the Rails app, we already reject image sizes that exceed a certain amount of pixels (> `w400` for now). With this change here we furthermore constrain the maximum amount of heap space used for image storage to 1MB, and the maximum number of threads `gm` may execute to 1.
The 1MB limit is much more than we currently need to scale such small avatars, but it seems reasonably small, considering that we also cap the number of simultaneously executing `gm` procs to 100, ergo no more than 100MB of node memory should ever be allocated to image scaling currently.
W.r.t. thread count, I am not sure what might affect this in practice, but I ran the same benchmarks I had run previously on my 16 core machine and noticed no performance degradation with `Threads 1`, so in order to not risk `gm` cannibalizing CPU resources from the main workhorse process, it can't hurt to put a lid on this if it's not costing us performance.