Add fuzz testing for router and OpenAPI #166

Merged: RomanEmreis merged 4 commits into main from feature/fuzzing on Mar 7, 2026

@RomanEmreis
Owner

Summary

  • Added a full cargo-fuzz package under fuzz/ with four initial libFuzzer targets (fuzz_router_match, fuzz_query_decode, fuzz_extractor_typed, fuzz_openapi_gen) and wired them as fuzz binaries in fuzz/Cargo.toml.
  • Implemented deterministic, bounded harnesses:
    • Router target uses structured arbitrary input (method, bounded path, optional host) with MAX_LEN=512.
    • Query target enforces MAX_LEN=1024.
    • Extractor target caps body/header counts (MAX_BODY=4096, MAX_HEADERS=16) and sanitizes header names.
    • OpenAPI target is selector-driven with bounded input (MAX_LEN=256).
  • Added internal fuzz helpers behind a new fuzzing feature to exercise practical internals without full server startup: router matching (Endpoints::find), query parsing/decoding paths, typed JSON extraction on a bounded runtime, and OpenAPI registration/document serialization flows.
  • Exposed the new fuzz helper module via lib.rs, added a fuzzing feature, and excluded fuzz/ from the workspace members so cargo-fuzz works as expected.
  • Added seed corpora for fast-start coverage under fuzz/corpus/* (router/query/extractor/openapi), plus a dedicated FUZZING.md documenting local commands, env settings, limits, and CI behavior.
  • Added GitHub Actions fuzz workflow:
    • PR/build path: nightly toolchain, cargo-fuzz install, cargo +nightly fuzz build, plus smoke runs for router/query.
    • Scheduled nightly path: all four targets with per-target max_len and bounded runtime.
    • ASAN tuning + RSS limits configured in workflow env/args.

Type

  • Bug fix
  • Feature
  • Enhancement
  • Performance
  • Documentation
  • Refactor
  • Security
  • Breaking change

Checklist

  • I added/updated tests where it makes sense
  • I updated docs/examples if needed
  • This change is backwards-compatible (or clearly marked as breaking)
  • I ran formatting/lints locally (if applicable)
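
Added example (not part of the PR or the project's code): a std-only Rust sketch of the bounded, structured router harness pattern described in the summary above. `RouterInput`, `decode`, `match_route`, `fuzz_one` and the byte layout are assumptions made for illustration; only `MAX_LEN = 512` comes from the PR description.

```rust
// Added illustration, std only. `RouterInput`, `decode`, `match_route` and `fuzz_one`
// are hypothetical stand-ins; the PR's own helpers exercise Endpoints::find instead.
const MAX_LEN: usize = 512; // router cap stated in the PR description
const METHODS: [&str; 5] = ["GET", "POST", "PUT", "DELETE", "PATCH"];

#[derive(Debug, PartialEq)]
struct RouterInput {
    method: &'static str,
    path: String,
    host: Option<String>,
}

/// Deterministically maps raw fuzzer bytes to a structured input. Assumed layout:
/// byte 0 picks the method, byte 1 is the host length (0 = no host), the rest is the path.
fn decode(data: &[u8]) -> Option<RouterInput> {
    if data.len() < 2 || data.len() > MAX_LEN {
        return None; // reject out-of-bounds inputs instead of truncating them
    }
    let method = METHODS[data[0] as usize % METHODS.len()];
    let host_len = (data[1] as usize).min(data.len() - 2);
    let (host_bytes, path_bytes) = data[2..].split_at(host_len);
    let host = (host_len > 0).then(|| String::from_utf8_lossy(host_bytes).into_owned());
    let path = format!("/{}", String::from_utf8_lossy(path_bytes));
    Some(RouterInput { method, path, host })
}

/// Toy matcher standing in for the router under test.
fn match_route(input: &RouterInput) -> Option<&'static str> {
    let mut segs = input.path.split('/').filter(|s| !s.is_empty());
    match (input.method, segs.next(), segs.next(), segs.next()) {
        ("GET", Some("users"), Some(_id), None) => Some("get_user"),
        ("POST", Some("users"), None, None) => Some("create_user"),
        ("GET", Some("health"), None, None) if input.host.is_none() => Some("health"),
        _ => None,
    }
}

/// One fuzz iteration: must never panic and must give the same answer twice.
fn fuzz_one(data: &[u8]) -> Option<&'static str> {
    let input = decode(data)?;
    let first = match_route(&input);
    assert_eq!(first, match_route(&input), "matcher must be deterministic");
    first
}

fn main() {
    // Constructed seed inputs, playing the role of a seed corpus.
    let seeds: [&[u8]; 3] = [b"\x00\x00users/42", b"\x01\x00users", b"\x00\x03abcusers/1"];
    for seed in seeds { println!("{:?} -> {:?}", seed, fuzz_one(seed)); }
}
```

In a cargo-fuzz target the body of `fuzz_one` would sit inside the `fuzz_target!` closure, with the length cap also passed to libFuzzer as `-max_len`.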

@RomanEmreis RomanEmreis self-assigned this Mar 7, 2026
@RomanEmreis RomanEmreis added the enhancement, feature and security labels Mar 7, 2026
@RomanEmreis RomanEmreis changed the title Feature/fuzzing Add fuzz testing for router and OpenAPI Mar 7, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a6d459c2cc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/fuzz.yml Outdated
@RomanEmreis
Owner Author

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Can't wait for the next one!

@RomanEmreis RomanEmreis merged commit 2872d32 into main Mar 7, 2026
7 checks passed
@RomanEmreis RomanEmreis deleted the feature/fuzzing branch March 7, 2026 10:48