test(api/rpc): add CELESTIA-202 OOM reproduction

[rootulp]

Summary

• Add unit tests demonstrating the unlimited JSON-RPC batch request vulnerability (CELESTIA-202)
• Add a Docker-based reproduction that shows an actual OOM kill on a real celestia-node

Unit tests (api/rpc/server_test.go)

• TestServer_BatchRequestLimit: sends a batch of 10K requests — server processes all without any limit
• TestServer_BatchResponseAmplification: demonstrates 34x memory amplification (small request → large response)

Docker reproduction (api/rpc/oom-repro/)

Starts a local devnet (celestia-app validator + celestia-node bridge with 512 MB memory limit), then ramps up concurrent batch requests until the bridge node is OOM-killed.

| Concurrency | Peak Memory | % of 512 MB |
|-------------|-------------|-------------|
| Baseline    | 41.8 MiB    | 8%          |
| 1 batch     | 141.9 MiB   | 28%         |
| 2 batches   | 212.0 MiB   | 41%         |
| 3 batches   | 341.1 MiB   | 67%         |
| 4 batches   | OOM killed  | -           |

Run with: bash api/rpc/oom-repro/repro.sh

Test plan

• Run go test -run TestServer_BatchRequestLimit ./api/rpc/
• Run go test -run TestServer_BatchResponseAmplification ./api/rpc/
• Run bash api/rpc/oom-repro/repro.sh and verify OOM kill

🤖 Generated with Claude Code

[rootulp]

I tried running this and it did demonstrate increased memory usage. The Docker graphs disappear as soon as the bridge node OOMs so I couldn't capture anything beyond these:

but the Docker Bridge node has way less memory than our hardware requirements so it may be much more difficult to OOM a node with 64 GB of memory.

Ref: https://docs.celestia.org/operate/getting-started/hardware-requirements/#non-archival-data-availability-nodes