ServerboundContainerClickPacket and ServerboundEditBookPacket allow DoS attack
The bug
1.17.1-pre1 Mojang names
The following has not been tested; it is based only on the decompiled source code.
The packets ServerboundContainerClickPacket and ServerboundEditBookPacket seem to allow denial of service (DoS) attacks because they create lists and maps of user-controlled size, allowing the use of an unlimited amount of memory.
The underlying issue is that the methods FriendlyByteBuf.readCollection(IntFunction, Function) and FriendlyByteBuf.readMap(IntFunction, Function, Function) call the allocator IntFunction with the user-controlled size without any validation / restriction.
2021-06-20, 11:31 PM
2022-05-15, 12:30 AM
2021-06-29, 03:30 PM
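The validation the report says is missing, sketched as an added example that is not part of the original report and is not Mojang's code: the declared element count is checked against a caller-supplied limit and against the bytes still in the buffer before the allocator is called. The class name, the `maxSize` parameter, the limit of 128 and the use of `java.nio.ByteBuffer` in place of `FriendlyByteBuf` are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.function.Function;
import java.util.function.IntFunction;

// Added illustration; class, method and parameter names are hypothetical.
public class BoundedCollectionReader {

    // VarInt: 7 data bits per byte, high bit set means another byte follows.
    static int readVarInt(ByteBuffer buf) {
        int value = 0;
        for (int shift = 0; shift < 35; shift += 7) {
            byte b = buf.get();
            value |= (b & 0x7F) << shift;
            if ((b & 0x80) == 0) return value;
        }
        throw new IllegalArgumentException("VarInt longer than 5 bytes");
    }

    // Validates the declared element count before the allocator ever sees it.
    static <T, C extends Collection<T>> C readCollection(
            ByteBuffer buf, int maxSize, IntFunction<C> allocator, Function<ByteBuffer, T> reader) {
        int size = readVarInt(buf);
        if (size < 0 || size > maxSize)
            throw new IllegalArgumentException("declared size " + size + " exceeds limit " + maxSize);
        // Assumption: each element takes at least one byte on the wire.
        if (size > buf.remaining())
            throw new IllegalArgumentException("declared size " + size + " exceeds remaining bytes");
        C out = allocator.apply(size);
        for (int i = 0; i < size; i++) out.add(reader.apply(buf));
        return out;
    }

    public static void main(String[] args) {
        // Constructed input: count 3, then three single-byte VarInt elements.
        ByteBuffer ok = ByteBuffer.wrap(new byte[] {3, 10, 20, 30});
        List<Integer> list = readCollection(ok, 128, ArrayList::new, BoundedCollectionReader::readVarInt);
        System.out.println("accepted: " + list);

        // Constructed input: a 5-byte VarInt declaring Integer.MAX_VALUE elements, no payload.
        ByteBuffer huge = ByteBuffer.wrap(new byte[] {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x07});
        try {
            readCollection(huge, 128, ArrayList::new, BoundedCollectionReader::readVarInt);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected before allocation: " + e.getMessage());
        }
    }
}
```

The same two checks apply to a map reader, where the declared entry count is passed to the map allocator.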