[confighttp] Fix zstd decoder data corruption due to decoder pooling

[carsonip]

Description

See bug description in #13954

Fix zstd decoder pool and data corruption by guarding against multiple reader Close.

As this is a security issue, ideally the change goes out in an emergency bugfix release

Link to tracking issue

Fixes #13954

Testing

Confirmed it does not fail test in #13954

Documentation

[codecov]

Codecov Report

❌ Patch coverage is 70.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.67%. Comparing base (0cdc78b) to head (e1cbcf3).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
config/confighttp/compression.go	70.00%	2 Missing and 1 partial ⚠️

❌ Your patch status has failed because the patch coverage (70.00%) is below the target coverage (95.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13955      +/-   ##
==========================================
- Coverage   91.67%   91.67%   -0.01%     
==========================================
  Files         653      653              
  Lines       42554    42559       +5     
==========================================
+ Hits        39013    39014       +1     
- Misses       2733     2736       +3     
- Partials      808      809       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[lahsivjar]

LGTM! A minor comment. Thanks a lot for fixing this major bug.

[carsonip]

[to reviewer] intentionally only testing zstd but not other compressions, because the behavior is highly implementation dependent. And there is no point asserting behavior of code implemented elsewhere.

[codeboten]

Thanks @carsonip