openpgp/packet: limit embedded signature recursion depth

[BiswajeetRay7]

Without a depth limit on embedded signature subpacket parsing,
a malicious OpenPGP packet with deeply nested
embeddedSignatureSubpacket fields causes infinite recursion in
parse(), leading to a stack overflow crash.

Add maxEmbeddedSignatureDepth=2 and pass a depth parameter through
parseWithDepth, parseSignatureSubpackets, and parseSignatureSubpacket
to prevent unbounded recursion.

Fixes golang/go#79923

[gopherbot]

This PR (HEAD: 59fc5d5) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/crypto/+/788865.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.