Add NoExcessive type and confidential http helper

[ernest-nowacki]

Two related improvements to how callers pass requests into capability methods:

1. httpRequest helper for ConfidentialHTTPClient — supports ability to just use body field with json and make allow helper to put into the right proto oneof (bodyString / bodyBytes). Having body in http request is super popular and well expected within TypeScript community so I consider it worthy addon. The drawback is that we would need to manually maintain this helper if there are proto changes to the capability itself.

2. NoExcess / CapabilityInput input gating — every generated capability method now rejects unknown keys on the JSON input shape, even when the request is lifted into a variable. Previously TypeScript's structural typing only triggered excess-property checks on inline object literals; once a request was bound to a const, using fields like body (instead of bodyString) silently compiled.

3. Added a new workflow example demonstrating usage of the helper.

Native protobuf messages are still accepted unchanged — CapabilityInput branches on the $typeName brand and only applies NoExcess to JSON shapes.

Before / After

Before — manual proto-aware payload, plus stale keys silently allowed once bound to a variable:

const client = new ConfidentialHTTPClient()

// Has to know the proto oneof keys (bodyString/bodyBytes), and base64 the bytes path manually.
const req = {
  request: {
    url: runtime.config.url,
    method: 'POST',
    bodyString: JSON.stringify({ hello: 'world' }),
    multiHeaders: {
      'content-type': { values: ['application/json'] },
    },
    body: 'hello world', // silently compiles — excess-property check skipped on bound objects
  },
}

client.sendRequest(runtime, req).result()

After — single ergonomic body, and unknown keys fail at the call boundary:

import { ConfidentialHTTPClient, httpRequest } from '@chainlink/cre-sdk'

const client = new ConfidentialHTTPClient()

const req = {
  request: httpRequest({
    url: runtime.config.url,
    method: 'POST',
    body: { hello: 'world' },             // object  -> JSON.stringify -> bodyString
    // body: 'raw',                       // string  -> bodyString , value passed as is
    // body: new Uint8Array([0xde, 0xad]),// bytes   -> base64 -> bodyBytes
  }),
}

client.sendRequest(runtime, req).result() // typo'd `body` field on the outer shape now fails to typecheck

The raw form still works for callers who want it — httpRequest is opt-in:

client.sendRequest(runtime, {
  request: {
    url: runtime.config.url,
    method: 'POST',
    bodyString: JSON.stringify({ hello: 'world' }),
    multiHeaders: { 'content-type': { values: ['application/json'] } },
  },
}).result()

Notes

• body, bodyString, and bodyBytes are mutually exclusive (proto oneof); supplying more than one throws.
• headers and multiHeaders may both be supplied — multiHeaders is applied first, headers entries replace per-name.
• NoExcess recursion stops at primitives, Uint8Array, and index-signature maps (e.g. multiHeaders[string]), so dynamic header names remain unrestricted. Depth bound is 6 to keep tsc work bounded.

[russell-stern]

If this is what the developer sees we should give them a bit more clarity. They probably don't need to know we use proto under the hood so something like `'httpRequest: specify the request body using only one of: body, bodyString, or bodyBytes'

[russell-stern]

We should wrap this in a try/catch in case JSON.stringify errors from bad input we can give a better error message than the generic error it will return