Add stricter protocol checks and defensive parsing to RequestParser and update tests accordingly. Changes include: enforce Host header for HTTP/1.1 and reject duplicate Host headers; treat presence of both Content-Length and Transfer-Encoding as a protocol error; validate Content-Length is numeric and non-negative; parse chunk-size lines while ignoring extensions and validate chunk sizes; enforce an aggregate cap on chunked bodies to prevent unbounded growth; correct keep-alive semantics to depend on HTTP version and explicit Connection header. Tests were adjusted (some header-limit tests use HTTP/1.0) and several new tests added for invalid Content-Length, invalid chunk sizes, chunk extensions, aggregate chunk size limit, Host header requirements, and ensuring RequestProcessor returns 400 for malformed Content-Length.

Add strict per-line framing and limits to HttpConnectionReader (CRLF required, 8KB max line length) to prevent request-smuggling and unbounded memory growth; invalid terminators or overlong lines now throw ProtocolException. Remove redundant header-size check from RequestParser since line limits are enforced by the reader. Refactor RequestProcessor to extract handler invocation and ensure Connection: close is honored even when handlers throw (500 responses also close). Update ResponseWriter to avoid duplicating the Date header when already set and to write headers/body using UTF-8. Add and adjust unit tests to cover bare-LF rejection, overlong lines, connection-close propagation on errors, non-duplicated Date header, and UTF-8 body writing.