Tapscript is missing the policy size limit check. The limit is inconsistent between witness and scriptSig, so for now this uses the (higher) witness size limit.
We should probably unify these on a single limit size (and make it configurable?), but for now this just addresses the oversight the same way it is for the other checks.