Add HTTP parser boundary checks to secure code review

[tick25108-cpu]

Summary

Closes #1174.

This updates secure-code-review so HTTP request smuggling and parser-confusion risks are evaluated through proxy/framework evidence instead of broad heuristics.

What changed

• Adds a request parser-boundary review step for proxy-backed apps, gateways, load balancers, serverless adapters, and webhook handlers.
• Adds evidence fields for deployed request path, protocol transitions, CL/TE conflict handling, duplicate headers, hop-by-hop header stripping, framework parser order, and validation through the deployed path.
• Adds explicit checks SCR-PARSE-01 through SCR-PARSE-06 for parser ambiguity, forwarded framing headers, HTTP/2 downgrade gaps, unsafe raw-body middleware order, direct-backend-only tests, and benign size-limit overflags.
• Includes vulnerable examples for forwarded Transfer-Encoding and global raw body consumers.
• Includes a benign route-scoped webhook raw-body pattern so signed webhooks are not overreported.
• Extends the output template with parser-boundary evidence and adds CWE-444 / OWASP WSTG references.

Validation

• git diff --check
• Markdown fence balance check
• Marker checks for SCR-PARSE-01 through SCR-PARSE-06, CWE-444, route-scoped webhook raw-body handling, and prompt-injection safety notice
• Reference URL checks returned HTTP 200 for CWE-444 and OWASP WSTG HTTP Request Smuggling

Bounty

Submitting this as an Improver contribution under the repository contribution guidelines. Payment details can be provided privately after maintainer acceptance.