security: fix build errors, add honest Google UA, sanitize error msgs

- Fix config validation: upstream URLs allow private IPs (self-hosted)
- Fix util.SafeURLScheme to return parsed URL
- Replace spoofed GSA User-Agent with honest Kafka UA
- Sanitize all engine error messages (strip response bodies)
- Replace unused body reads with io.Copy(io.Discard, ...) for reuse
- Fix pre-existing braveapi_test using wrong struct type
- Fix ratelimit test reference to limiter variable
- Update ratelimit tests for new trusted proxy behavior

internal/util/validate.go

@@ -14,13 +14,17 @@ import (
 	"strings"
 )
 
-// SafeURLScheme returns true if the URL uses an acceptable scheme (http or https).
-func SafeURLScheme(raw string) bool {
+// SafeURLScheme validates that a URL is well-formed and uses an acceptable scheme.
+// Returns the parsed URL on success, or an error.
+func SafeURLScheme(raw string) (*url.URL, error) {
 	u, err := url.Parse(raw)
 	if err != nil {
-		return false
+		return nil, err
 	}
-	return u.Scheme == "http" || u.Scheme == "https"
+	if u.Scheme != "http" && u.Scheme != "https" {
+		return nil, fmt.Errorf("URL must use http or https, got %q", u.Scheme)
+	}
+	return u, nil
 }
 
 // IsPrivateIP returns true if the IP address is in a private, loopback,