pub async fn correlation_id(req: Request, next: Next) -> Result<Response>Expand description
Middleware: attach a UUID v7 to every request, surface it in the response, and stash it in the request context for the audit pipeline to pick up.
Honours an inbound x-correlation-id header so a proxy or test
harness can pin the id from outside. Only accepts values that
look like a UUID (rough sanity: between 16 and 64 chars, no
whitespace, no control bytes); anything else is replaced with a
fresh UUID v7 so a malicious sender can’t poison the audit trail
with adversarial strings.