@vcsjones commented Jan 28, 2026

By default, the SignedInfo class will process at most 100 references per SignedInfo as a security mitigation. In .NET Framework, this value is configurable by registry. In .NET Core, however, this value is hardcoded to 100. For users that are currently using the configuration for .NET Framework, they have no path forward to supporting more than 100 references, which has been observed in SOAP messages.

Fixes #123665

By default, the SignedInfo class will process at most 100 references per SignedInfo as a security mitigation. In .NET Framework, this value is configurable by registry. In .NET Core, however, this value is hardcoded to 100. For users that are currently using the configuration for .NET Framework, they have no path forward to supporting more than 100 references, which has been observed in SOAP members.
@dotnet-policy-service
Contributor

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Contributor

Copilot AI left a comment

Pull request overview

This PR makes the maximum number of <Reference> elements allowed in a <SignedInfo> block configurable via an AppContext switch, instead of being hard-coded to 100. This restores a configuration capability that existed via registry in .NET Framework and is needed for workloads with high reference counts (e.g., some SOAP scenarios).

Changes:

  • Introduces an internal LocalAppContextSwitches.MaxReferencesPerSignedInfo integer value, sourced from the AppContext key System.Security.Cryptography.MaxReferencesPerSignedInfo with a default of 100 and graceful fallback on invalid values.
  • Updates SignedInfo.LoadXml to enforce the reference count limit via the new app-context-backed setting instead of Utils.MaxReferencesPerSignedInfo.
  • Extends SignedXml_Limits tests to use a StringBuilder-based XML generator and adds RemoteExecutor-based tests verifying the default limit and the behavior of the AppContext switch with various string and integer configurations.
  • Enables Microsoft.DotNet.RemoteExecutor in the XML crypto tests project and wires the new LocalAppContextSwitches.cs into the System.Security.Cryptography.Xml project.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj | Enables IncludeRemoteExecutor so test code can run in isolated processes when validating AppContext-driven behavior. |
| src/libraries/System.Security.Cryptography.Xml/tests/SignedXml_Limits.cs | Refactors XML construction into a reusable ConstructXml helper, adds constants for the default limit and switch name, and introduces RemoteExecutor-based tests covering both default and AppContext-configured max reference counts. |
| src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Utils.cs | Removes the MaxReferencesPerSignedInfo constant, delegating this responsibility to the new app-context-backed configuration. |
| src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedInfo.cs | Changes the reference count check to use LocalAppContextSwitches.MaxReferencesPerSignedInfo so the limit can be configured at runtime. |
| src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/LocalAppContextSwitches.cs | Adds a new partial LocalAppContextSwitches implementation for this assembly that reads System.Security.Cryptography.MaxReferencesPerSignedInfo via AppContext.GetData, converts it to int, and falls back to the default of 100 on null or conversion errors. |
| src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj | Includes the new LocalAppContextSwitches.cs source file in the System.Security.Cryptography.Xml build so the new app context switch is available at runtime. |
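
An added sketch, not the code from this pull request, of the read-with-fallback behaviour the overview describes, exercised with the kinds of values (string, integer, invalid) the tests are said to cover. The key name and the default of 100 come from the overview; `MaxReferencesSetting` and `Read` are hypothetical names, and the exact exception handling is an assumption.

```csharp
using System;
using System.Globalization;

// Added illustration; hypothetical helper, not the library's LocalAppContextSwitches.
static class MaxReferencesSetting
{
    // Key name and default as stated in the pull request overview.
    public const string SwitchName =
        "System.Security.Cryptography.MaxReferencesPerSignedInfo";
    public const int DefaultLimit = 100;

    // Reads the AppContext data slot and converts it to int.
    // Null or unconvertible data falls back to the default, so a
    // malformed setting never silently removes the mitigation.
    public static int Read()
    {
        object? raw = AppContext.GetData(SwitchName);
        if (raw is null)
            return DefaultLimit;
        try
        {
            return Convert.ToInt32(raw, CultureInfo.InvariantCulture);
        }
        catch (Exception e) when (e is FormatException
                                    or InvalidCastException
                                    or OverflowException)
        {
            return DefaultLimit;
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample values: unset, string, boxed int, invalid string.
        object?[] samples = { null, "250", 300, "not-a-number" };
        foreach (object? value in samples)
        {
            AppContext.SetData(MaxReferencesSetting.SwitchName, value);
            Console.WriteLine($"{value ?? "(unset)"} -> {MaxReferencesSetting.Read()}");
        }
    }
}
```

Values supplied through `configProperties` in `runtimeconfig.json` reach `AppContext.GetData` as strings, which is why both string and integer inputs matter. When raising the limit, choose the smallest bounded value the workload needs, since the cap exists as a security mitigation.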


Successfully merging this pull request may close these issues.

MaxReferencesPerSignedInfo hard-coded to 100 in System.Security.Cryptography.Xml
