
Release hardening for API, gossip, and snapshots #385

Merged
kacy merged 4 commits into main from release-audit-fixes
Apr 3, 2026

Conversation

@kacy (Owner) commented Apr 3, 2026

Summary

This PR hardens several release-blocking paths uncovered in the audit.

  • streams large HTTP request and response bodies instead of failing on fixed buffers
  • fixes S3 upload and download behavior for larger payloads and multipart completion
  • rejects gossip messages whose sender identity does not match the configured peer endpoint
  • creates snapshot temp files with owner-only permissions
  • adds targeted coverage for the new request/response, multipart, sender-validation, and snapshot-permission paths

Root Cause

A few core paths still assumed small payloads or implicitly trusted local defaults:

  • the HTTP server used fixed-size request and response buffers
  • multipart completion rebuilt final objects in memory
  • authenticated gossip messages were not checked against the sender's configured endpoint
  • snapshot temp files relied on process defaults for file permissions

Impact

These changes remove several release blockers in storage, clustering, and operational safety:

  • large object traffic can pass through the API path without synthetic 500s from buffer overflow
  • multipart uploads no longer require assembling the final object in memory
  • cluster peers cannot impersonate another configured member by reusing a valid shared key
  • snapshot artifacts are no longer exposed through permissive temp-file defaults

Validation

  • zig build test-integration -Doptimize=ReleaseSafe
  • zig build test -Doptimize=ReleaseSafe -Dtest-filter='completeMultipartUpload streams parts into final object'
  • zig build test -Doptimize=ReleaseSafe -Dtest-filter='readRequestAlloc handles body larger than legacy buffer'
  • zig build test -Doptimize=ReleaseSafe -Dtest-filter='writeResponse streams body larger than response scratch buffer'
  • zig build test -Doptimize=ReleaseSafe -Dtest-filter='isTrustedSender matches configured gossip member endpoint'
  • zig build test -Doptimize=ReleaseSafe -Dtest-filter='createUniqueTempFile uses owner-only permissions'
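
Two of the hardening checks listed above, written as an added example in C rather than the project's own Zig; this is not code from the pull request. It shows (1) why passing the shared-key MAC is not enough to trust a gossip message, so the claimed sender endpoint is matched exactly against the configured member list, and (2) how a snapshot temp file is created with owner-only permissions independent of the process umask, using O_CREAT|O_EXCL so a pre-existing file at that name is never reused. The member list, the `gossip_message` struct, and the function names `is_trusted_sender`, `create_owner_only_temp_file` and `file_permission_bits` are illustrative assumptions, not the project's API.

```c
// Added example, not the project's code. Endpoints and names are constructed.
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Configured cluster members: the only endpoints allowed to speak gossip
 * (constructed sample values). */
typedef struct {
    const char *host;
    unsigned short port;
} peer_endpoint;

static const peer_endpoint configured_members[] = {
    { "10.0.0.11", 7946 },
    { "10.0.0.12", 7946 },
    { "10.0.0.13", 7946 },
};
#define MEMBER_COUNT (sizeof configured_members / sizeof configured_members[0])

/* A gossip message after its shared-key MAC has been checked. A valid MAC
 * proves the sender holds the cluster key, not that it is the member it
 * claims to be, so the claimed endpoint is verified as a separate step. */
typedef struct {
    const char *sender_host;
    unsigned short sender_port;
    int mac_valid;
} gossip_message;

/* Returns 1 only if the MAC verified AND the claimed (host, port) is an exact
 * match for one configured member; any other combination is rejected. */
int is_trusted_sender(const gossip_message *msg)
{
    if (!msg->mac_valid) return 0;
    for (size_t i = 0; i < MEMBER_COUNT; i++) {
        if (configured_members[i].port == msg->sender_port &&
            strcmp(configured_members[i].host, msg->sender_host) == 0)
            return 1;
    }
    return 0; /* valid key reused from an unconfigured endpoint */
}

/* Creates a unique temp file under dir and returns its open fd (or -1), with
 * the chosen path written to out_path. The mode 0600 is passed explicitly:
 * umask can only clear bits, so the file can never be wider than owner-only.
 * O_EXCL makes creation fail on a name collision instead of opening whatever
 * already sits at that path. */
int create_owner_only_temp_file(const char *dir, char *out_path, size_t cap)
{
    for (unsigned attempt = 0; attempt < 100; attempt++) {
        int n = snprintf(out_path, cap, "%s/snapshot-%ld-%u.tmp",
                         dir, (long)getpid(), attempt);
        if (n < 0 || (size_t)n >= cap) return -1;
        int fd = open(out_path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1; /* only retry on a name collision */
    }
    return -1;
}

/* Reads back the permission bits of an open file so callers can verify the
 * result rather than assume it. Returns (mode_t)-1 on error. */
mode_t file_permission_bits(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return (mode_t)-1;
    return st.st_mode & 0777;
}

int main(void)
{
    gossip_message stranger = { "10.0.0.99", 7946, 1 };
    printf("stranger with valid key trusted? %d\n", is_trusted_sender(&stranger));

    char path[256];
    int fd = create_owner_only_temp_file("/tmp", path, sizeof path);
    if (fd < 0) { perror("create_owner_only_temp_file"); return 1; }
    printf("%s mode %04o\n", path, (unsigned)file_permission_bits(fd));
    close(fd);
    unlink(path);
    return 0;
}
```

The endpoint comparison is deliberately exact: a host match with a different port, or a valid MAC from an address not in the member list, is rejected, which is the impersonation case the PR describes. On the file side, the permission bits are read back with fstat after creation so a test asserts on the actual mode rather than on the argument passed to open.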

@kacy kacy marked this pull request as ready for review April 3, 2026 13:25
@kacy kacy merged commit 19131ad into main Apr 3, 2026
6 of 7 checks passed
@kacy kacy deleted the release-audit-fixes branch April 3, 2026 13:25