Merged PR 21240: [6.0] MSRC 70023 - ASP.Net FormFeature.cs - DenialOfService
# ASP.Net FormFeature.cs - DenialOfService

When parsing multi-part form data with FormFeature.cs, we do not honor ValueCountLimit when the content disposition is of an unknown type. Therefore an attacker could send multi-part form data where every part has an invalid content disposition, and make us read indefinitely.

## Description

When parsing multi-part form data with FormFeature.cs, we do not honor ValueCountLimit when the content disposition is of an unknown type. Therefore an attacker could send multi-part form data where every part has an invalid content disposition, and make us read indefinitely.

## Customer Impact

Prevents a potential Denial-of-service attack.

## Regression?

- [ ] Yes
- [x] No

## Risk

- [ ] High
- [x] Medium
- [ ] Low

We could have missed another potential version of this vulnerability.

## Verification

- [x] Manual (required)
- [x] Automated

Added a test, plus confirmed with a local repro that the pre-existing slowdown goes away after the change.

## Packaging changes reviewed?

- [ ] Yes
- [ ] No
- [x] N/A

----

## When servicing release/2.1

- [ ] Make necessary changes in eng/PatchConfig.props
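
A simplified model of the counting gap described in the commit message above, added here as an illustration; it is not the FormFeature.cs code or the actual patch. `Section`, `ParseForm`, `countUnknownParts` and the `x-unknown` disposition string are hypothetical names, and the input and the limit of 1024 are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Hypothetical stand-in for one multipart section (not an ASP.NET Core type).
record Section(string ContentDisposition, string Name, string Value);

static class FormLimitDemo
{
    // countUnknownParts = false models the behaviour described in the PR:
    // only parts with a recognised disposition count against the limit.
    // countUnknownParts = true counts every part, so the limit bounds the loop.
    public static Dictionary<string, List<string>> ParseForm(
        IEnumerable<Section> sections, int valueCountLimit, bool countUnknownParts)
    {
        var form = new Dictionary<string, List<string>>();
        int counted = 0;
        foreach (var s in sections)
        {
            bool known = s.ContentDisposition.StartsWith(
                "form-data", StringComparison.OrdinalIgnoreCase);
            if ((known || countUnknownParts) && ++counted > valueCountLimit)
                throw new InvalidDataException(
                    $"Form value count limit {valueCountLimit} exceeded.");
            if (!known) continue; // unknown disposition: part is read, then discarded
            if (!form.TryGetValue(s.Name, out var values))
                form[s.Name] = values = new List<string>();
            values.Add(s.Value);
        }
        return form;
    }

    public static void Main()
    {
        // Constructed input: two valid fields, then 10,000 parts with an
        // unrecognised content disposition.
        var parts = new List<Section> { new("form-data", "a", "1"), new("form-data", "b", "2") };
        parts.AddRange(Enumerable.Range(0, 10_000).Select(_ => new Section("x-unknown", "", "")));

        var form = ParseForm(parts, valueCountLimit: 1024, countUnknownParts: false);
        Console.WriteLine($"without the check: read all {parts.Count} parts, kept {form.Count} keys");

        try { ParseForm(parts, valueCountLimit: 1024, countUnknownParts: true); }
        catch (InvalidDataException e) { Console.WriteLine($"with the check: {e.Message}"); }
    }
}
```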