
Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp Array

Date reported: May 19, 2026

A flaw in Blockbook's fiat-rates lookups allowed a single unauthenticated request to consume a disproportionate amount of server memory, because the REST multi-tickers endpoint and the corresponding WebSocket method accepted a caller-supplied list of timestamps with no upper bound on its size. A single large request could allocate a substantial amount of heap, and because the WebSocket layer permitted many concurrent pending requests per connection with no global limit, one connection could sustain several gigabytes of allocation pressure. This could force an out-of-memory crash, which could leave the underlying database in an inconsistent state requiring a full reindex to recover. The fix bounds the number of timestamps accepted per request and limits concurrent in-flight work so a single connection can no longer drive unbounded memory use.
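The two controls the advisory describes, a cap on the number of timestamps accepted per request and a cap on concurrent in-flight requests, can be shown together in a small Go handler. The code below is an added example written for this page; it is not Blockbook's code, and the handler name, the limits (100 timestamps, 4 in-flight requests per connection, 64 globally), the `rateEntry` type and the stand-in lookup are all constructed assumptions. The unbounded handler is kept beside the bounded one to make the difference concrete: the check on list length runs before any per-timestamp allocation, and a non-blocking semaphore rejects, rather than queues, requests beyond the in-flight limit, so a single connection cannot stack up allocation pressure.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed limits for this example (assumptions, not Blockbook's values).
const (
	MaxTimestampsPerRequest = 100
	MaxInFlightPerConn      = 4
	MaxInFlightGlobal       = 64
)

var (
	ErrTooManyTimestamps = errors.New("too many timestamps in request")
	ErrTooManyInFlight   = errors.New("too many concurrent requests")
)

// rateEntry stands in for the per-timestamp result whose heap cost the
// advisory describes; the lookup itself is a constructed stub.
type rateEntry struct {
	Ts   int64
	Rate float64
}

func lookupRates(ts []int64) []rateEntry {
	out := make([]rateEntry, 0, len(ts)) // allocation scales with len(ts)
	for _, t := range ts {
		out = append(out, rateEntry{Ts: t, Rate: 1.0})
	}
	return out
}

// HandleMultiTickersUnbounded mirrors the vulnerable shape: the caller-supplied
// list is passed straight to the lookup, so request size drives allocation.
func HandleMultiTickersUnbounded(ts []int64) []rateEntry {
	return lookupRates(ts)
}

// ValidateTimestamps rejects oversized lists before anything is allocated.
func ValidateTimestamps(ts []int64) error {
	if len(ts) > MaxTimestampsPerRequest {
		return fmt.Errorf("%w: got %d, limit %d", ErrTooManyTimestamps, len(ts), MaxTimestampsPerRequest)
	}
	return nil
}

// Limiter is a counting semaphore; the same type serves the per-connection
// and the global in-flight caps.
type Limiter struct{ sem chan struct{} }

func NewLimiter(max int) *Limiter { return &Limiter{sem: make(chan struct{}, max)} }

// TryAcquire never blocks: when the cap is reached the request is refused
// instead of being queued, so pending work cannot accumulate.
func (l *Limiter) TryAcquire() bool {
	select {
	case l.sem <- struct{}{}:
		return true
	default:
		return false
	}
}

func (l *Limiter) Release() { <-l.sem }

// HandleMultiTickers is the bounded handler: global cap, then per-connection
// cap, then list-size check, and only then the allocating lookup.
func HandleMultiTickers(global, conn *Limiter, ts []int64) ([]rateEntry, error) {
	if !global.TryAcquire() {
		return nil, fmt.Errorf("%w (server-wide)", ErrTooManyInFlight)
	}
	defer global.Release()
	if !conn.TryAcquire() {
		return nil, fmt.Errorf("%w (this connection)", ErrTooManyInFlight)
	}
	defer conn.Release()
	if err := ValidateTimestamps(ts); err != nil {
		return nil, err
	}
	return lookupRates(ts), nil
}

func main() {
	global := NewLimiter(MaxInFlightGlobal)
	conn := NewLimiter(MaxInFlightPerConn)
	// Constructed inputs: a small valid list and an oversized one.
	_, err := HandleMultiTickers(global, conn, []int64{1700000000, 1700003600})
	fmt.Println("small request error:", err)
	_, err = HandleMultiTickers(global, conn, make([]int64, MaxTimestampsPerRequest+1))
	fmt.Println("oversized request error:", err)
}
```

Rejecting at the size check costs nothing proportional to the request, which is the property that matters: the server's memory use per request is bounded by `MaxTimestampsPerRequest`, and its total use by that times the in-flight caps, regardless of what a client sends.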