
feat(supervisor-middleware): add in-process egress middleware#2027

Draft
pimlock wants to merge 4 commits into main from 1733-supervisor-middleware/pmlocek


Conversation

@pimlock (Collaborator) commented Jun 26, 2026

Summary

Implements RFC 0009 Phase 1: proto-backed, policy-selected, in-process supervisor HTTP egress middleware for HttpRequest/pre_credentials.

This draft establishes the first reviewable middleware seam without external middleware registration or transport. It adds the contract, policy plumbing, in-process chain execution, built-in secret redaction, relay integration, audit events, and Definition-of-Done coverage for the Phase 1 scope.

Related Issue

Closes #2010
Part of #1733
Design/RFC: #1738

Changes

  • Add the openshell.middleware.v1 protobuf contract and generated Rust module wiring.
  • Add the openshell-supervisor-middleware crate with chain execution, in-process service dispatch, fail-open/fail-closed handling, safe append-only header mutation, metadata propagation, findings, and a built-in openshell/secrets redactor.
  • Extend sandbox policy/proto/schema/Rego conversion for middleware configs and attachments, including policy-level and endpoint-level middleware ordering.
  • Integrate middleware into supervisor-network L7 REST relay and passthrough HTTP credential relay before credential injection and upstream forwarding.
  • Treat over-capacity request bodies as on_error events with recoverable fail-open behavior for declared Content-Length over-cap and deny-safe behavior once chunked bytes are consumed.
  • Emit OCSF HTTP activity and detection findings for middleware decisions, failures, fail-open bypasses, over-cap bodies, and findings without logging raw payload values.
  • Add/expand unit and integration-style coverage for chain behavior, unsafe headers, deny short-circuiting, redaction before credential injection, passthrough HTTP inspection, WebSocket upgrade inspection, and OCSF audit safety.
  • Update constructors and tests across CLI/server/sandbox/provider policy paths for the new middleware field.

Testing

  • mise run pre-commit passes
    • Ran mise run pre-commit; Rust formatting, linting, and test legs ran, but the task exits nonzero at the existing Helm lint setup: chart metadata is missing these dependencies: postgresql.
  • Unit tests added/updated
    • cargo check --workspace
    • cargo test -p openshell-supervisor-middleware
    • cargo test -p openshell-supervisor-network
    • cargo test -p openshell-server validate_rule_
  • E2E tests added/updated (if applicable)

Checklist
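As an added illustration of the chain semantics the Changes list above describes (this is not code from the PR or from the openshell-supervisor-middleware crate; the type and function names and the way the over-cap rule is encoded are assumptions), a minimal model of ordered execution with deny short-circuiting, per-middleware fail-open/fail-closed handling, and over-cap bodies surfacing as on_error events:

```rust
// Added example of the chain semantics described in this PR body. The names, types
// and the encoding of the over-cap rule are assumptions, not the crate's actual API.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Decision { Allow, Deny }
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum FailMode { Open, Closed }
/// Request body framing as the relay sees it before forwarding upstream.
#[derive(Clone, Copy)]
pub enum Body { Declared(usize), Chunked { consumed: usize } }
pub struct Middleware {
    pub name: &'static str,
    pub fail_mode: FailMode,
    /// Ok(decision) on inspection; Err(reason) when the middleware itself fails.
    pub inspect: fn(&Body) -> Result<Decision, &'static str>,
}

/// Over-cap bodies are on_error events. A declared Content-Length over the cap is
/// recoverable (nothing consumed yet); chunked bytes already read past the cap are not.
pub fn over_cap(body: &Body, cap: usize) -> Option<(&'static str, bool)> {
    match *body {
        Body::Declared(len) if len > cap => Some(("declared content-length over cap", true)),
        Body::Chunked { consumed } if consumed > cap => Some(("chunked bytes over cap consumed", false)),
        _ => None,
    }
}

/// Run the chain in order: Deny short-circuits and errors resolve per fail mode, but a
/// non-recoverable on_error denies before any middleware runs. Audit lines never carry payloads.
pub fn run_chain(chain: &[Middleware], body: &Body, cap: usize) -> (Decision, Vec<String>) {
    let mut audit = Vec::new();
    let over = over_cap(body, cap);
    if let Some((reason, false)) = over {
        audit.push(format!("relay: deny (non-recoverable on_error: {})", reason));
        return (Decision::Deny, audit);
    }
    for mw in chain {
        // A recoverable over-cap body means this middleware cannot inspect: that is its error.
        let outcome = match over { Some((reason, _)) => Err(reason), None => (mw.inspect)(body) };
        match (outcome, mw.fail_mode) {
            (Ok(Decision::Allow), _) => audit.push(format!("{}: allow", mw.name)),
            (Err(reason), FailMode::Open) => audit.push(format!("{}: fail-open bypass ({})", mw.name, reason)),
            (Ok(Decision::Deny), _) => { audit.push(format!("{}: deny", mw.name)); return (Decision::Deny, audit); }
            (Err(reason), FailMode::Closed) => {
                audit.push(format!("{}: deny (fail-closed: {})", mw.name, reason));
                return (Decision::Deny, audit);
            }
        }
    }
    (Decision::Allow, audit)
}
```

The audit vector stands in for the OCSF events the PR emits: it records decisions, failures and fail-open bypasses by reason only, never the request body or header values.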

copy-pr-bot (Bot) commented Jun 26, 2026

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

pimlock force-pushed the 1733-supervisor-middleware/pmlocek branch from b429440 to 9ebcdd5 on June 26, 2026 20:37
@pimlock (Collaborator, Author) commented Jun 26, 2026

/ok to test 9ebcdd5

pimlock added 4 commits June 26, 2026 16:53
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
pimlock force-pushed the 1733-supervisor-middleware/pmlocek branch from 595191e to 97b750f on June 26, 2026 23:58


Development

Successfully merging this pull request may close these issues: feat: implement RFC 0009 phase 1 supervisor middleware