fix: guard against empty choices and null message in Azure LLM response

[qizwiz]

Summary

In backend/pyspur/nodes/llm/_utils.py, the Azure path inside completion_with_backoff() accesses response.choices[0].message.content without first verifying that choices is non-empty and message is not None:

response = await acompletion(**azure_kwargs, drop_params=True)
return response.choices[0].message.content  # ← unguarded

Two crash vectors:

• IndexError — API returns an empty choices list (network hiccup, quota exhaustion, provider-side filtering)
• AttributeError — choices[0].message is None (documented Gemini PROHIBITED_CONTENT behaviour: returns HTTP 200 with a null message object rather than an error status)

Both exceptions bypass the existing except Exception handler and propagate unhandled to the tenacity retry wrapper, which may exhaust retries and surface a confusing traceback to the caller.

Change

# Before
return response.choices[0].message.content

# After
if not response.choices or response.choices[0].message is None:
    raise ValueError("LLM returned empty or filtered response")
return response.choices[0].message.content

The ValueError is caught by the inner except Exception block (logging.error + re-raise), then by the tenacity retry policy — matching existing behaviour for other transient errors.

References

• OpenAI API docs — finish_reason content_filter
• Detected by pact static analysis (llm_response_unguarded rule)