fix: prevent StackOverflowError from deeply nested GeometryCollection in GeoJsonParser

[ZeroX-404]

Description:

## Problem
`GeoJsonParser.parseGeometry()` and `createGeometryCollection()` call each 
other recursively with no depth limit. A malicious GeoJSON file containing 
deeply nested `GeometryCollection` objects triggers a `StackOverflowError`, 
crashing any Android app that loads the file via `GeoJsonLayer`.

**Vulnerable call chain:**

parseGeometry()
→ createGeometry()
→ createGeometryCollection()
→ parseGeometry() // unbounded recursion

A PoC GeoJSON file of ~93KB with 2000 levels of nesting is sufficient 
to trigger the crash.

## Fix
- Add `MAX_GEOMETRY_DEPTH = 20` constant
- Add private `parseGeometry(JSONObject, int depth)` overload
- Pass depth counter through `createGeometry()` and `createGeometryCollection()`
- Geometries exceeding the limit are ignored with a `Log.w()` warning

## Testing
Verified that parsing a GeoJSON with 2000 nesting levels no longer 
throws `StackOverflowError` after this fix.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[ZeroX-404]

Hi maintainers, could someone please review this fix? I verified that it prevents the StackOverflowError caused by deeply nested GeometryCollections.

[ZeroX-404]

Hi @dkhawk, gentle follow up — could you take a look when you have a moment? Happy to adjust anything. Thanks!

[ZeroX-404]

Hi @dkhawk, I've updated the PR with unit tests covering the depth-limit behavior:

• testDeeplyNestedGeometryCollection_doesNotThrowStackOverflow — verifies 2000-level nesting no longer crashes
• testGeometryBeyondMaxDepth_returnsNull — verifies geometry beyond MAX_GEOMETRY_DEPTH (20) returns null
• testShallowNestedGeometryCollection_parsedCorrectly — regression guard for normal shallow nesting

Happy to adjust anything if needed. Thanks!

[dkhawk]

Hi @dkhawk, I've updated the PR with unit tests covering the depth-limit behavior:

• testDeeplyNestedGeometryCollection_doesNotThrowStackOverflow — verifies 2000-level nesting no longer crashes
• testGeometryBeyondMaxDepth_returnsNull — verifies geometry beyond MAX_GEOMETRY_DEPTH (20) returns null
• testShallowNestedGeometryCollection_parsedCorrectly — regression guard for normal shallow nesting

Happy to adjust anything if needed. Thanks!

Thank you for your contribution! And sorry for the delay in reviewing it as I have been away.

BTW, this version of code is slated to be replaced soon. We have a complete rewrite in https://github.com/googlemaps/android-maps-utils/tree/feat/rewrite-android-maps-utils. We have put out the first RC and expect RC2 soon.

I'll see if the problem also exists in that rewrite.

[ZeroX-404]

Hi @dkhawk, I've applied your suggested changes — countdown maxDepth logic and updated test assertions. All tests pass locally. Ready for merge whenever you are!