Backport the following fixes from 2.46.x:
Librsvg now has limits on the number of loaded XML elements,
and the number of referenced elements within an SVG document. This
is to mitigate malicious SVGs which try to consume all memory, and
those which try to consume an exponential amount of CPU time.
Fix stack exhaustion with circular references in <use> elements.
Fix a denial-of-service condition from exponential explosion
of rendered elements, through nested use of SVG <use> elements in
malicious SVGs. This is similar to the XML "billion laughs attack"
but for SVG instancing.