Fix important bugs in redbean

This change upgrades to the latest Chromium Zlib, fixes bugs in redbean,
and introduces better support for reverse proxies like Cloudflare. This
change improves the security of redbean and it's recommended that users
upgrade to the release that'll follow. This change also updates the docs
to clarify how to use the security tools redbean provides e.g. pledge(),
unveil(), and the MODE=asan builds which improve memory safety.

third_party/zlib/inffast.internal.h

@@ -1,7 +1,9 @@
-#ifndef COSMOPOLITAN_THIRD_PARTY_ZLIB_INFFAST_H_
-#define COSMOPOLITAN_THIRD_PARTY_ZLIB_INFFAST_H_
-#include "third_party/zlib/inffast.internal.h"
+#ifndef COSMOPOLITAN_THIRD_PARTY_ZLIB_INFFAST_INTERNAL_H_
+#define COSMOPOLITAN_THIRD_PARTY_ZLIB_INFFAST_INTERNAL_H_
 #include "third_party/zlib/zlib.h"
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+/* clang-format off */
 
 /* INFLATE_FAST_MIN_INPUT: the minimum number of input bytes needed so that
    we can safely call inflate_fast() with only one up-front bounds check. One
@@ -9,7 +11,7 @@
    extra, 15 bits for the distance code, 13 bits for distance extra) requires
    reading up to 48 input bits (6 bytes).
 */
-#define INFLATE_FAST_MIN_INPUT 8
+#define INFLATE_FAST_MIN_INPUT 6
 
 /* INFLATE_FAST_MIN_OUTPUT: the minimum number of output bytes needed so that
    we can safely call inflate_fast() with only one up-front bounds check. One
@@ -18,11 +20,8 @@
  */
 #define INFLATE_FAST_MIN_OUTPUT 258
 
-#if !(__ASSEMBLER__ + __LINKER__ + 0)
-COSMOPOLITAN_C_START_
-
 void inflate_fast(z_streamp strm, unsigned start) hidden;
 
 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
-#endif /* COSMOPOLITAN_THIRD_PARTY_ZLIB_INFFAST_H_ */
+#endif /* COSMOPOLITAN_THIRD_PARTY_ZLIB_INFFAST_INTERNAL_H_ */