fix(server): bump sharp to 0.34.3 + add unlimited flag

[simonhammes]

Description

This bumps sharp to 0.34.3 and adds the unlimited flag to disable all memory-related restrictions.

Fixes #20028

To Do

• Depends on chore: Update libvips base-images#239
  I applied the changes locally in order to test the changes in this PR.

How Has This Been Tested?

• Uploaded large (in terms of pixel size) HEIC file and verified that Immich was able to generate thumbnail images

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation if applicable
• I have no unrelated changes in the PR.
• I have confirmed that any new dependencies are strictly necessary.
• I have written tests for new code (if applicable)
• I have followed naming conventions/patterns in the surrounding code
• All code in src/services/ uses repositories implementations for database calls, filesystem operations, etc.
• All code in src/repositories/ is pretty basic/simple and does not have any immich specific logic (that belongs in src/services/)

[simonhammes]

This should presumably be guarded behind some sort of configuration option (e.g. an environment variable).

Enabling this should be carefully considered in deployments where trust in users is weaker.

[alextran1502]

Can you elaborate on the potential issues or security concerns?

[benmccann]

You could presumably create a malicious image which consumes enough memory to crash the server

[benmccann]

Perhaps it'd be better to make limitInputPixels configurable? That sounds like it might also solve this and be a safer approach. Potentially it could be set based on available system memory, which might also prevent people from hitting this as often

[simonhammes]

You could presumably create a malicious image which consumes enough memory to crash the server

Thank you, this is what I meant

[Saopanda]

the base-image is merged