GHSA-5x67-j5xg-c5gj: Bugsink: DOS using large numbers of event tags

In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom (i.e. supplied by an attacker) tags can therefore make ingestion spend more time than intended writing tag rows.

Bugsink uses a single-writer database architecture. That keeps the implementation simple, but it also means one expensive write transaction can delay other event digestion while it is running. In this case, it makes ingestion of other events wait until the transaction that writes the tags finishes, which effectively causes a temporary denial of service for other events.