[AZ-808] [AZ-811] Strict validation on region POST + lat/lon GET

AZ-808: FluentValidation for POST /api/satellite/request
- RegionRequestValidator: id non-empty, lat/lon/sizeMeters/zoomLevel ranges
- RequestRegionRequest: [JsonRequired] on every property, no implicit defaults
- Wired via .WithValidation<RequestRegionRequest>() in MapPost chain
- Unit + integration tests + curl probe script
- New contract: contracts/api/region-request.md v1.0.0

AZ-811: FluentValidation + envelope filter for GET /api/satellite/tiles/latlon
- GetTileByLatLonQuery: nullable record (double?/int?) so the minimal-API
  binder never short-circuits with BadHttpRequestException before filters
- GetTileByLatLonQueryValidator: Cascade(Stop) + NotNull + InclusiveBetween
  per param; missing surfaces as `\`<name>\` is required.`
- RejectUnknownQueryParamsEndpointFilter: reusable IEndpointFilter that
  rejects any query key outside the allowed set with errors[<key>] map;
  catches legacy `?Latitude=` typos and hostile probes (`?debug=1&admin=1`)
- Handler: [AsParameters] GetTileByLatLonQuery + .Value deref post-validator
- Unit (validator + filter) + integration tests + curl probe script
- New contract: contracts/api/tile-latlon.md v1.0.0

Shared hygiene
- Promote AssertErrorsContainsMention from per-test-file private helpers to
  ProblemDetailsAssertions (closes batch-1 Low-severity DRY warning)
- Sync Swagger param descriptions, README, blackbox/security/perf scripts,
  uuidv5 doc with the new lat/lon/zoom query-param names

Docs
- system-flows.md F1/F2 reference the new contracts + validation layers
- modules/api_program.md adds Api/Validators + Api/DTOs sections
- _autodev_state.md: batch 2 of 4 complete; next batch = AZ-809

All smoke tests green (mode=smoke, exit 0). AZ-808 + AZ-811 transitioned
to In Testing on Jira.

Co-authored-by: Cursor <cursoragent@cursor.com>

SatelliteProvider.IntegrationTests/TileInventoryValidationTests.cs

@@ -199,7 +199,7 @@ public static class TileInventoryValidationTests
 
         // Assert
         ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 missing z");
-        AssertErrorsContainsMention(problem, expectedMention: "z", label: "AZ-796 missing z");
+        ProblemDetailsAssertions.AssertErrorsContainsMention(problem, expectedMention: "z", label: "AZ-796 missing z");
 
         Console.WriteLine("  ✓ Missing `z` rejected with errors map mentioning the field");
     }
@@ -325,7 +325,7 @@ public static class TileInventoryValidationTests
 
         // Assert
         ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 unknown root field");
-        AssertErrorsContainsMention(problem, expectedMention: "unknownField", label: "AZ-796 unknown root field");
+        ProblemDetailsAssertions.AssertErrorsContainsMention(problem, expectedMention: "unknownField", label: "AZ-796 unknown root field");
 
         Console.WriteLine("  ✓ Unknown root field rejected; errors map names the field");
     }
@@ -344,7 +344,7 @@ public static class TileInventoryValidationTests
 
         // Assert
         ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 unknown nested field");
-        AssertErrorsContainsMention(problem, expectedMention: "foo", label: "AZ-796 unknown nested field");
+        ProblemDetailsAssertions.AssertErrorsContainsMention(problem, expectedMention: "foo", label: "AZ-796 unknown nested field");
 
         Console.WriteLine("  ✓ Unknown nested field rejected; errors map names the field");
     }
@@ -364,7 +364,7 @@ public static class TileInventoryValidationTests
 
         // Assert
         ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-794 legacy field");
-        AssertErrorsContainsMention(problem, expectedMention: "tileZoom", label: "AZ-794 legacy field");
+        ProblemDetailsAssertions.AssertErrorsContainsMention(problem, expectedMention: "tileZoom", label: "AZ-794 legacy field");
 
         Console.WriteLine("  ✓ Legacy v1.x field names rejected with explicit error (no silent coercion)");
     }
@@ -392,39 +392,4 @@ public static class TileInventoryValidationTests
         var content = new StringContent(body, Encoding.UTF8, "application/json");
         return httpClient.PostAsync(InventoryPath, content);
     }
-
-    private static void AssertErrorsContainsMention(JsonElement problem, string expectedMention, string label)
-    {
-        if (!problem.TryGetProperty("errors", out var errorsEl) || errorsEl.ValueKind != JsonValueKind.Object)
-        {
-            throw new Exception($"{label}: expected 'errors' object in ProblemDetails body.");
-        }
-
-        var found = false;
-        foreach (var prop in errorsEl.EnumerateObject())
-        {
-            if (prop.Name.Contains(expectedMention, StringComparison.OrdinalIgnoreCase))
-            {
-                found = true;
-                break;
-            }
-
-            foreach (var msg in prop.Value.EnumerateArray())
-            {
-                if (msg.GetString()?.Contains(expectedMention, StringComparison.OrdinalIgnoreCase) == true)
-                {
-                    found = true;
-                    break;
-                }
-            }
-
-            if (found) break;
-        }
-
-        if (!found)
-        {
-            var paths = string.Join(", ", errorsEl.EnumerateObject().Select(p => p.Name));
-            throw new Exception($"{label}: expected '{expectedMention}' to appear in errors keys or messages. Available paths: {paths}.");
-        }
-    }
 }