security: fix build errors, add honest Google UA, sanitize error msgs

- Fix config validation: upstream URLs allow private IPs (self-hosted)
- Fix util.SafeURLScheme to return parsed URL
- Replace spoofed GSA User-Agent with honest Kafka UA
- Sanitize all engine error messages (strip response bodies)
- Replace unused body reads with io.Copy(io.Discard, ...) for reuse
- Fix pre-existing braveapi_test using wrong struct type
- Fix ratelimit test reference to limiter variable
- Update ratelimit tests for new trusted proxy behavior

internal/middleware/ratelimit.go

@@ -80,7 +80,7 @@ func RateLimit(cfg RateLimitConfig, logger *slog.Logger) func(http.Handler) http
 
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			ip := l.extractIP(r)
+			ip := limiter.extractIP(r)
 
 			if !limiter.allow(ip) {
 				retryAfter := int(limiter.window.Seconds())

internal/middleware/ratelimit_test.go

@@ -1,6 +1,7 @@
 package middleware
 
 import (
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -92,7 +93,6 @@ func TestRateLimit_DifferentIPs(t *testing.T) {
 }
 
 func TestRateLimit_XForwardedFor(t *testing.T) {
-	privateNet := mustParseCIDR("10.0.0.0/8")
 	h := RateLimit(RateLimitConfig{
 		Requests:        1,
 		Window:          10 * time.Second,