fix: replace MaxBytesReader(nil) with io.LimitReader to avoid nil ResponseWriter panic

http.MaxBytesReader panics when the ResponseWriter is nil and the body
exceeds the limit. Switched to io.LimitReader (reads maxBytes+1 to detect
overflow) and io.ReadAll, eliminating the nil-writer dependency entirely.
Replaced the string-comparison EOF check with errors.Is(err, io.EOF).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: intel352

internal/module_webhook.go

@@ -6,7 +6,9 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 	"time"
@@ -306,27 +308,16 @@ func normalizeGenericEvent(event *GitEvent, payload map[string]any) {
 }
 
 // readLimitedBody reads up to maxBytes from the request body.
+// It uses io.LimitReader to cap reads safely without requiring a ResponseWriter.
+// If the body is exactly maxBytes, an extra byte is attempted to detect overflow.
 func readLimitedBody(r *http.Request, maxBytes int64) ([]byte, error) {
-	r.Body = http.MaxBytesReader(nil, r.Body, maxBytes)
-	buf := make([]byte, 0, 4096)
-	tmp := make([]byte, 4096)
-	var total int64
-	for {
-		n, err := r.Body.Read(tmp)
-		if n > 0 {
-			total += int64(n)
-			if total > maxBytes {
-				return nil, fmt.Errorf("request body exceeds %d bytes", maxBytes)
-			}
-			buf = append(buf, tmp[:n]...)
-		}
-		if err != nil {
-			if err.Error() == "EOF" || err.Error() == "http: request body too large" {
-				break
-			}
-			// io.EOF is expected at end of body
-			break
-		}
+	lr := io.LimitReader(r.Body, maxBytes+1)
+	buf, err := io.ReadAll(lr)
+	if err != nil && !errors.Is(err, io.EOF) {
+		return nil, fmt.Errorf("failed to read request body: %w", err)
+	}
+	if int64(len(buf)) > maxBytes {
+		return nil, fmt.Errorf("request body exceeds %d bytes", maxBytes)
 	}
 	return buf, nil
 }