[AZ-810] Strict validation for POST /api/satellite/upload metadata

Adds the per-endpoint child of AZ-795 ("Strict Input Validation Epic")
for the UAV upload multipart endpoint. Three new validators land under
SatelliteProvider.Api/Validators/:

- UavTileBatchMetadataPayloadValidator: items NotNull + NotEmpty +
  count <= MaxBatchSize + RuleForEach dispatching to the per-item
  validator.
- UavTileMetadataValidator: lat / lon / tileZoom range, tileSizeMeters
  > 0, capturedAt within [now - MaxAgeDays, now + future-skew]; uses an
  injectable TimeProvider so unit tests can drive a fixed clock.
- UavUploadValidationFilter: IEndpointFilter that reads the multipart
  `metadata` form field, deserializes it with the strict global
  JsonSerializerOptions (so UnmappedMemberHandling.Disallow +
  [JsonRequired] from AZ-795 are honored), runs the FluentValidation
  chain, and enforces the cross-field `items.Count == files.Count`
  envelope rule. FluentValidation errors are prefixed with `metadata.`
  so wire keys look like `errors["metadata.items[0].latitude"]`.

[JsonRequired] is added to every non-optional axis on
UavTileMetadata and UavTileBatchMetadataPayload; FlightId stays
nullable per AZ-503 anonymous-flight semantics.

Coverage: 13 unit tests + 16 integration tests + 1 curl probe script
exercise the happy path and every failure mode. All 9 ACs covered;
no regression in AZ-488 UavUploadTests payloads (traced against the
new rules).

Documentation: uav-tile-upload.md bumped v1.1.0 -> v1.2.0 with the
new validation rules section + 400-shape examples + changelog entry.
api_program.md updated to describe the three new validators + filter
+ the AddTransient<UavUploadValidationFilter>() DI registration.

Reports: batch_04_cycle8_report.md + reviews/batch_04_cycle8_review.md
record the PASS_WITH_WARNINGS verdict (2 Low DRY-in-tests findings:
FixedTimeProvider duplication crossed the cycle-2 "promote to shared"
threshold; PostBatch helper duplicated between two integration
suites). Both deferred to follow-up PBIs.

Task spec archived: _docs/02_tasks/todo/AZ-810... -> done/.
Jira: AZ-810 transitioned In Progress -> In Testing.

Co-authored-by: Cursor <cursoragent@cursor.com>

SatelliteProvider.Common/DTO/UavTileMetadata.cs

@@ -1,3 +1,5 @@
+using System.Text.Json.Serialization;
+
 namespace SatelliteProvider.Common.DTO;
 
 // AZ-488 / `uav-tile-upload.md` v1.0.0 — per-tile metadata supplied with each
@@ -9,17 +11,28 @@ namespace SatelliteProvider.Common.DTO;
 // to per-flight on-disk paths (./tiles/uav/{flight_id}/{z}/{x}/{y}.jpg). When
 // absent, the row is treated as flight-anonymous and the UPSERT collapses to
 // the AZ-484 "single row per (cell, source)" semantics via COALESCE-to-zero.
+//
+// AZ-810 (cycle 8) added [JsonRequired] to every non-optional axis so the
+// deserializer rejects partial payloads with HTTP 400 + ValidationProblemDetails
+// via GlobalExceptionHandler BEFORE the FluentValidation + IUavTileQualityGate
+// layers run. FlightId stays optional per AZ-503 anonymous-flight semantics.
 public record UavTileMetadata
 {
+    [JsonRequired]
     public double Latitude { get; init; }
+    [JsonRequired]
     public double Longitude { get; init; }
+    [JsonRequired]
     public int TileZoom { get; init; }
+    [JsonRequired]
     public double TileSizeMeters { get; init; }
+    [JsonRequired]
     public DateTime CapturedAt { get; init; }
     public Guid? FlightId { get; init; }
 }
 
 public record UavTileBatchMetadataPayload
 {
+    [JsonRequired]
     public List<UavTileMetadata> Items { get; init; } = new();
 }