Improve routes, auth, and middleware test coverage

[alienx5499]

Summary

Increase test coverage around HTTP routing, JWT auth, and common middleware in the HTTP relay. This PR adds focused tests that lock in existing behavior for route listing, auth error handling, and default headers/log level, making future changes safer.

Changes

1. routes_test.go

   • Add TestDisplayRoutes_FiltersAndFallsBack to cover:
     • Filtering the displayed routes by URL path prefix (e.g. /v2 only shows v2 routes).
     • Falling back to listing all routes when no prefixes match.
   • Assert that the handler returns 404 while still returning a plain-text list of routes.
   • Add TestDisplayRoutes_HeadersAndOrder to cover:
     • Content-Type is text/plain; charset=utf-8 and X-Content-Type-Options is nosniff.
     • V2 routes appear after V1 in the response (sort order).

2. auth_test.go

   • Extend JWT auth tests to cover error paths:
     • TestAddAuth_MissingHeader: no Authorization header → 401 with "Missing JWT\n" body.
     • TestAddAuth_InvalidToken: malformed JWT in Authorization header → 401 with "Invalid JWT\n" body.
   • Keeps existing tests that validate HS256/HS384 acceptance and HS512 rejection.

3. middleware_test.go

   • TestAddCommonHeaders: verifies addCommonHeaders sets:
     • Server to the current version.
     • Content-Type to application/json.
     • Access-Control-Allow-Origin to *.
   • TestGetLogLevel: ensures getLogLevel returns:
     • INFO when -verbose is false.
     • DEBUG when -verbose is true.

Checklist

• go test ./... passes in drand/http-relay
• No new linter issues
• Changes are test-only (no production logic modified)