Unauthenticated Remote DoS via xpub Change-Index Amplification
A flaw in Blockbook's xpub output-descriptor handling allowed a single unauthenticated HTTP request to trigger a disproportionately large amount of work, because the number of change indexes a caller could supply in a descriptor was not bounded. Each index expanded into a large set of address derivations and database lookups, and the results were stored in a global in-memory cache that had no size limit and retained entries for an hour. By sending a small number of crafted descriptors over time, an attacker could exhaust the server's memory and force an out-of-memory crash, which could leave the underlying database in an inconsistent state requiring a full reindex to recover. The fix bounds the work a single request can generate and limits the cache so that descriptor lookups can no longer accumulate unbounded memory.
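As an added illustration of the two halves of that fix (example code, not Blockbook's own), the Go sketch below caps the number of change indexes accepted per request and replaces an unbounded global map with a size-limited cache whose entries expire; the function names, the `BoundedCache` type and the numeric limits are assumptions for the example, not Blockbook's real identifiers or values.

```go
package main
import (
	"errors"
	"sync"
	"time"
)
const ( // hypothetical limits, not Blockbook's real values
	maxChangeIndexes = 4         // change chains one descriptor may name
	maxCacheEntries  = 2         // hard cap on cached descriptor results
	cacheTTL         = time.Hour // the one-hour retention the advisory describes
)
var ErrTooManyChangeIndexes = errors.New("descriptor names too many change indexes")
// ValidateChangeIndexes caps per-request work: every change index expands into a
// full gap-limit address scan, so an oversized list is rejected before any derivation.
func ValidateChangeIndexes(changeIndexes []uint32) error {
	if len(changeIndexes) > maxChangeIndexes {
		return ErrTooManyChangeIndexes
	}
	return nil
}
type entry struct{ value []string; expires time.Time } // value: e.g. the derived addresses
// BoundedCache keeps at most maxCacheEntries results for cacheTTL each and evicts the one
// closest to expiry when full, so unique descriptors recycle memory instead of growing it.
type BoundedCache struct {
	mu    sync.Mutex
	items map[string]entry
	now   func() time.Time // injectable clock so expiry can be tested
}
func NewBoundedCache() *BoundedCache { return &BoundedCache{items: map[string]entry{}, now: time.Now} }
func (c *BoundedCache) Get(key string) ([]string, bool) {
	c.mu.Lock(); defer c.mu.Unlock()
	if e, ok := c.items[key]; ok && c.now().Before(e.expires) {
		return e.value, true
	}
	delete(c.items, key) // missing or expired: never serve stale data
	return nil, false
}
func (c *BoundedCache) Put(key string, value []string) {
	c.mu.Lock(); defer c.mu.Unlock()
	if _, exists := c.items[key]; !exists && len(c.items) >= maxCacheEntries {
		victim, found := "", false // O(n) scan for the soonest expiry; fine for small caps
		for k, e := range c.items {
			if !found || e.expires.Before(c.items[victim].expires) {
				victim, found = k, true
			}
		}
		delete(c.items, victim)
	}
	c.items[key] = entry{value, c.now().Add(cacheTTL)}
}
func (c *BoundedCache) Len() int { c.mu.Lock(); defer c.mu.Unlock(); return len(c.items) }
```

A request handler would call `ValidateChangeIndexes` before touching the database and consult the cache only afterwards, so a rejected descriptor costs neither derivations nor memory.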
Fixed vulnerabilities
- Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp Array (19 May 2026)
- Cross-Origin Popup Takeover in Trezor Connect popup (3 May 2026)
- Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injection (25 March 2026)
- EIP-712 Domain Spoofing via Double-Fetch (21 March 2026)
- Open redirect on affiliate page (20 March 2026)
- Biometric Verification bypassed in Trezor Suite with external monitor (9 March 2026)