starknet_transaction_prover,tower_ohttp: OHTTP-unlinkable request-id for decapsulated content

[avi-starkware]

Tags downstream content logs with a request-id via a new RequestSpanLayer
placed below the OHTTP layer. For plaintext it reuses the envelope id from
RequestLogLayer; for an OHTTP-decapsulated request (marked with a new
tower_ohttp::Decapsulated extension) it mints a FRESH UUID and discards any
client-supplied inner id.

The fresh inner id is never echoed back, so the relay-visible envelope id and
the gateway's content-log id cannot be joined — preserving OHTTP unlinkability
while still giving every request's downstream logs a correlatable id.

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

[reviewable-StarkWare]

This change is 

[avi-starkware]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• starknet_transaction_prover: document observability surface in README #14203
• starknet_transaction_prover: origin-level breadcrumbs for validation errors #14172
• starknet_transaction_prover: /health returns 503 when service is saturated #14171
• starknet_transaction_prover: bump prover_panics_total on panic hook fire #14170
• starknet_transaction_prover: HTTP request count + latency + in-flight metrics #14169
• starknet_transaction_prover: proving-job duration + outcome metrics #14168
• starknet_transaction_prover: Prometheus /metrics endpoint with build_info #14167
• starknet_transaction_prover: global panic hook + graceful SIGTERM shutdown #14166
• starknet_transaction_prover,tower_ohttp: OHTTP-unlinkable request-id for decapsulated content #14222 👈 (View in Graphite)
• starknet_transaction_prover: per-request structured log with request-id #14165
• starknet_transaction_prover: unify HTTP middleware stack via macro #14286
• main-v0.14.3

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cursor]

PR Summary

Medium Risk
Changes HTTP middleware ordering and privacy-sensitive request-id handling for OHTTP; mistakes could re-link relay and gateway logs or break request correlation.

Overview
Adds RequestSpanLayer below OHTTP in the prover HTTP/TLS middleware stack so downstream http_request tracing spans get a correlatable x-request-id without linking relay-visible envelope traffic to gateway content logs.

For plaintext, the layer reuses the same id as outer RequestLogLayer (or generates one when run alone). For OHTTP-decapsulated inner requests, tower_ohttp now tags rebuilt requests with a Decapsulated extension; RequestSpanLayer mints a new UUID, drops any client inner id, sets the header only on the inner dispatch, and does not echo that id on the encrypted inner response—so envelope ids stay unlinkable from content-side logs.

Unit and integration tests cover plaintext reuse, decapsulated fresh ids, log+span sharing, production layer ordering (including span inside OHTTP), and an end-to-end unlinkability check.

^{Reviewed by Cursor Bugbot for commit adf3407. Bugbot is set up for automated code reviews on this repo. Configure here.}