next.js
8b5dfa66 - Add internal header security guideline to AGENTS.md (#92128)

Commit
19 days ago
Add internal header security guideline to AGENTS.md (#92128)

## Summary

Adds a security guideline to `AGENTS.md` that instructs the PR reviewer to flag new code that reads non-standard request headers without checking them against the `INTERNAL_HEADERS` filter list in `packages/next/src/server/lib/server-ipc/utils.ts`.

## Context

`filterInternalHeaders()` strips internal headers from incoming requests at the router-server entry point. When new internal headers are introduced but not added to the filter list, external attackers can forge them. This guideline helps catch those gaps during code review.

Validated in #92122 — the reviewer successfully flagged a test violation using this guideline.

## Test plan

- [x] Verified the reviewer catches unfiltered header reads with this guideline (see #92122)
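
The gap the commit message describes, as an added example that is not part of the commit or of the Next.js code base: an entry-point filter driven by a list, and a review check that flags header reads missing from that list. The header names, `EXAMPLE_INTERNAL_HEADERS`, `STANDARD_HEADERS` and both function names are constructed for illustration and are not the real contents of `INTERNAL_HEADERS`.

```javascript
// Added illustration, not Next.js source. All header names are constructed placeholders.
const EXAMPLE_INTERNAL_HEADERS = ['x-example-internal-a', 'x-example-internal-b'];

// Assumed (partial) set of standard headers a reviewer would not flag.
const STANDARD_HEADERS = new Set([
  'accept', 'authorization', 'content-type', 'cookie', 'host', 'user-agent',
]);

// Entry-point filter: drop every listed internal header from an incoming request.
function stripInternalHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!EXAMPLE_INTERNAL_HEADERS.includes(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Review check: report header reads whose name is neither standard nor on the filter list.
function findUnfilteredHeaderReads(source) {
  const read = /headers(?:\.get\(\s*|\[\s*)['"]([^'"]+)['"]/g;
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(read)) {
      const header = m[1].toLowerCase();
      if (!STANDARD_HEADERS.has(header) && !EXAMPLE_INTERNAL_HEADERS.includes(header)) {
        findings.push({ line: i + 1, header });
      }
    }
  });
  return findings;
}

// Constructed sample of server code under review.
const SAMPLE_SOURCE = [
  "const type = req.headers['content-type']",
  "const a = req.headers['x-example-internal-a']",
  "const flag = req.headers['x-example-new-flag']",
  "const ua = request.headers.get('user-agent')",
].join('\n');

// Constructed external request: the listed header is stripped, the unlisted one survives.
const SAMPLE_REQUEST = { host: 'example.test', 'x-example-internal-a': '1', 'x-example-new-flag': '1' };

console.log(findUnfilteredHeaderReads(SAMPLE_SOURCE));
console.log(stripInternalHeaders(SAMPLE_REQUEST));
```

The single finding points at the read of a header that the filter would let through from an external client, which is the case the guideline asks the reviewer to flag.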