Fix HTTP/2 response leak.

[samuel-williams-shopify]

When an HTTP/2 client resets a stream before the server sends response headers (common with gRPC cancellation), request.send_response(response) raises ProtocolError: Cannot send headers in state: closed. The response body is never closed because there is no ensure guard on the send path. Any resources tied to body lifecycle — such as rack.response_finished callbacks and utilization metrics — are permanently leaked.

This was discovered via Falcon's requests_active utilization metric (tracked by Body::RequestFinished), which was never decremented on this error path. On clusters with gRPC traffic, each ProtocolError leaked +1 into requests_active permanently, producing a monotonically increasing gauge.

The fix adds ensure response&.close in Server#each, bringing the HTTP/2 server to parity with the HTTP/1 server which already had equivalent ensure body&.close(error) handling. The call is safe on all paths: on success the body is already closed by send_body and close is idempotent; on yield failure response is nil so the call is a no-op; on task cancellation ensure still runs after defer_stop.

Types of Changes

• Bug fix.

Contribution

• I added tests for my changes.
• I tested my changes locally.
• I agree to the Developer's Certificate of Origin 1.1.