The isUpgrade() check used exact string match (== "Upgrade") for the
Connection header value. A client sending "Connection: upgrade"
(lowercase) would bypass this check. While not exploitable in practice
(the Upgrade header check catches real upgrades), this hardens the
proxy with defense-in-depth.

Also adds a comprehensive security test suite covering jailbreak
attempts: method override smuggling, path traversal, dryRun parameter
injection, upgrade header smuggling, review endpoint spoofing, unusual
HTTP methods, concurrent request filtering, and credential leakage.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
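
The exact-match behaviour this commit message describes, next to a case-insensitive, token-aware check, as an added example that is not the project's code. Go is assumed as the language; `isUpgradeExact`, `hasToken` and `isUpgradeHardened` are hypothetical names, and flagging a request when either header signals an upgrade is an assumed policy.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// isUpgradeExact mirrors the "before" described in the commit message: the
// Connection value must equal "Upgrade" byte for byte. Hypothetical name.
func isUpgradeExact(h http.Header) bool {
	return h.Get("Connection") == "Upgrade"
}

// hasToken reports whether any value of the named header, read as a
// comma-separated token list, contains want. Tokens are compared
// case-insensitively, and repeated header lines are all inspected.
func hasToken(h http.Header, name, want string) bool {
	for _, line := range h.Values(name) {
		for _, tok := range strings.Split(line, ",") {
			if strings.EqualFold(strings.TrimSpace(tok), want) {
				return true
			}
		}
	}
	return false
}

// isUpgradeHardened flags a request when either the Connection token list
// names "upgrade" or an Upgrade header is present (assumed policy).
func isUpgradeHardened(h http.Header) bool {
	return hasToken(h, "Connection", "upgrade") || h.Get("Upgrade") != ""
}

func main() {
	// Constructed sample Connection values, not taken from the project.
	for _, v := range []string{"Upgrade", "upgrade", "keep-alive, Upgrade", "keep-alive"} {
		h := http.Header{}
		h.Set("Connection", v)
		fmt.Printf("%-22q exact=%-5v hardened=%v\n", v, isUpgradeExact(h), isUpgradeHardened(h))
	}
}
```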