fix(supervisor-network): block h2c L7 tunnel escape #1967

Merged
johntmyers merged 1 commit into NVIDIA:main from ddurst-nvidia:fix/security-block-h2c-escape
Jun 22, 2026

@ddurst-nvidia

Contributor

Summary

Fail closed for h2c on L7-inspected tunnels instead of falling back to a raw L4
tunnel. This prevents HTTP/2 prior-knowledge traffic from bypassing REST L7
policy enforcement after an allowed CONNECT endpoint decision.

Related Issue

Security override approved:

Changes

  • Adds tunnel payload classification for CONNECT traffic: TLS, HTTP/1.x, h2c
    prior-knowledge, and unsupported.
  • Blocks h2c prior-knowledge and other unsupported tunnel payloads when an
    endpoint has active L7 enforcement.
  • Blocks HTTP/1.1 Upgrade: h2c requests on forward-proxy L7 paths.
  • Emits L7 denial activity when unsupported h2c is attempted on an L7-inspected
    endpoint.
  • Adds focused tests for h2c prior-knowledge detection, h2c upgrade detection,
    and fail-closed tunnel behavior.

Testing

  • mise run pre-commit passes
  • mise run ci passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Manual sandbox validation:

  • Baseline upstream/main reproduced the issue with a Docker-backed OpenShell
    sandbox: curl --http2-prior-knowledge --proxytunnel http://<allowed-host>:<port>/denied caused the outside listener to receive
    113 bytes starting with PRI * HTTP/2.0.
  • Patched branch blocked the same workload: the outside listener accepted the
    TCP connection but received bytes=0, and the sandbox logged an L7 denial for
    unsupported h2c on an L7-inspected endpoint.

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

Signed-off-by: ddurst <267424412+ddurst-nvidia@users.noreply.github.com>
Comment thread crates/openshell-supervisor-network/src/l7/rest.rs
@johntmyers johntmyers merged commit d64542f into NVIDIA:main Jun 22, 2026
32 checks passed
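
The tunnel payload classification and fail-closed decision described in the PR summary, as an added Rust example that is not the project's code or part of this PR. All type and function names are hypothetical, and it assumes TLS and HTTP/1.x are the payloads the L7 path can inspect while endpoints without L7 enforcement keep a plain L4 tunnel.

```rust
// Added illustration; names are hypothetical, not the OpenShell crate's API.
const H2_PREFACE: &[u8] = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
const H1_METHODS: [&str; 8] =
    ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "TRACE"];

#[derive(Debug, PartialEq)]
pub enum TunnelPayload { Tls, Http1, H2cPriorKnowledge, Unsupported }

/// Classify the first bytes a client sends after CONNECT was allowed.
pub fn classify(buf: &[u8]) -> TunnelPayload {
    // TLS record header: content type 0x16 (handshake), major version 0x03.
    if buf.len() >= 3 && buf[0] == 0x16 && buf[1] == 0x03 {
        return TunnelPayload::Tls;
    }
    // Check the HTTP/2 connection preface before HTTP/1.x parsing: its first
    // line looks like a request line with the method "PRI".
    if buf.starts_with(H2_PREFACE) {
        return TunnelPayload::H2cPriorKnowledge;
    }
    // HTTP/1.x request line: known method, SP, target, SP, "HTTP/1.x".
    let line = buf.split(|&b| b == b'\r').next().unwrap_or(buf);
    if let Ok(s) = std::str::from_utf8(line) {
        let mut parts = s.split(' ');
        if let (Some(m), Some(_), Some(v)) = (parts.next(), parts.next(), parts.next()) {
            if H1_METHODS.contains(&m) && v.starts_with("HTTP/1.") {
                return TunnelPayload::Http1;
            }
        }
    }
    // Anything else, including a truncated preface, is not inspectable.
    TunnelPayload::Unsupported
}

/// Fail closed: with L7 enforcement active only inspectable payloads pass
/// (assumption: TLS and HTTP/1.x are what the L7 path can inspect).
pub fn allow_tunnel(payload: &TunnelPayload, l7_enforced: bool) -> bool {
    if !l7_enforced { return true; } // no L7 policy on this endpoint: L4 tunnel
    matches!(payload, TunnelPayload::Tls | TunnelPayload::Http1)
}

/// Detect `Upgrade: h2c` in an HTTP/1.1 request head (case-insensitive).
pub fn requests_h2c_upgrade(head: &str) -> bool {
    head.lines().skip(1).any(|l| match l.split_once(':') {
        Some((name, value)) => name.trim().eq_ignore_ascii_case("upgrade")
            && value.split(',').any(|t| t.trim().eq_ignore_ascii_case("h2c")),
        None => false,
    })
}
```

A truncated preface such as `PRI * HTTP/2.0\r\n` falls through to `Unsupported`, so it is denied on an L7-enforced endpoint rather than tunnelled.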