test: add internal header security guidelines and test violation
Add AGENTS.md to packages/next/src/server/ with security review
guidelines for internal header trust boundaries. This file is
picked up by the VADE PR reviewer to flag unprotected reads of
internal headers (next-resume, x-invocation-id, etc.).
Includes a deliberate test violation file to verify that VADE
catches the issue. The violation file should be removed after
verification.
next.js
bde86094 - test: add internal header security guidelines and test violation
