Standardize UUID validation across all REST API controllers

[m4cd4r4]

Summary

Closes #4588.

Malformed UUID path/query params currently reach Repo.get and raise Ecto.Query.CastError, which Phoenix turns into a 500 response. This extracts a shared validate_uuid/1 helper and applies it consistently across all REST API controllers.

Changes:

• Add validate_uuid/1 to LightningWeb.API.Helpers - returns :ok or {:error, :bad_request}
• WorkflowsController - private validate_uuid/1 now delegates to the shared helper (preserves existing 422 message behaviour via maybe_handle_error)
• CredentialController - replaces private validate_uuid/1 with shared helper; malformed credential id now returns 400 instead of 404
• JobController, ProjectController, RunController, WorkOrdersController, ProvisioningController, AiAssistantController - add validate_uuid/1 calls before any DB lookup that would otherwise raise Ecto.Query.CastError

Tests: UUID validation test cases added to all affected controller test files.

AI disclosure

• I used Claude Code to assist with this contribution

Test plan

• New tests in each controller test file assert 400 for not-a-uuid inputs
• Existing tests continue to pass
• mix test test/lightning_web/controllers/api/ passes

[m4cd4r4]

Rebased onto current main (was 61 commits behind, CONFLICTING) and addressed the failing test_elixir job.

Conflicts resolved:

• lib/.../api/run_controller.ex (show): merged with the new %Lightning.Run{} struct match so we get UUID validation plus the stricter return-shape check.
• lib/.../api/work_orders_controller.ex (show): same pattern for %Lightning.WorkOrder{}.
• lib/.../api/project_controller.ex (show): kept the %Lightning.Projects.Project{} struct match introduced upstream.
• lib/.../api/job_controller.ex (show): switched to the new Jobs.get_job(id, include: [...]) API (no bang, single preload) that landed upstream.
• test/.../api/run_controller_test.exs: kept both the new upstream describe "show" block and this PR's describe "malformed UUID params" block.

Test failure root cause:
The index action in credential_controller.ex had an else clause that handled nil and {:error, :unauthorized} but not {:error, :bad_request}, so Helpers.validate_uuid/1 returning :bad_request for a malformed project_id blew up the with (WithClauseError). Added the missing {:error, :bad_request} -> {:error, :bad_request} arm so it falls through to FallbackController, which already returns 400. Matches the pattern this PR already uses in delete.

The second failure in the prior CI (test list_dataclips_for_job/3 doesn't return a dataclip if the wrong text is entered in Lightning.InvocationTest) is unrelated to this PR (touches no invocation code) - flagging in case it's a known flake.

CI is re-running now.