The /known endpoint takes as input a list of PIDs.
To avoid abusing the DB backend (no matter how much data the web server will accept) we should put a limit on how many PIDs are accepted.
There should be a default, and it should be overridable at the webapp configuration level.
A reasonable default to begin with is probably 1'000 PIDs (one PID is 50 character long, so that's about 50 KiB + json list terminators).
(no need to check the limit in a streaming fashion, we will delegate that part to varnish: T2277)