bgp: improve handling of large variable-length capabilities #616
Description
In general, encoders should be infallible since we are representing valid internal protocol state as a stream of bytes. Any invalid state (e.g. trying to stuff more things into a Message or field than can fit) should be handled well before the attempt to encode it.
For example, if the local configuration would result in a capability length greater than what can be encoded (for capabilities: 1-byte field containing the length in octets), then we should have handlers for splitting that state into multiple capabilities.
Similarly, if a local configuration would result in so many capabilities that an Open message would exceed the max encode-able size of an Open then we should inform the operator so they can take action to reduce the size of the config (or we could error it out before it becomes a problem).