[AAP-65701] Add nginx log markers for direct API access detection

[TheRealHaoLiu]

What is being changed?

Add nginx log markers to all three EDA nginx config templates to enable detection of direct component access vs gateway-proxied requests:

• eda-api.configmap.yaml.j2 (API server nginx)
• eda-event-stream.configmap.yaml.j2 (Event stream nginx)
• eda.configmap.yaml.j2 (UI nginx)

Why is this change needed?

As part of ANSTRAT-1840 (Remove direct API access to platform components in AAP 2.7), we need visibility into whether requests to EDA are arriving through the AAP gateway (with X-Trusted-Proxy and X-DAB-JW-TOKEN headers) or directly.

The nginx log markers allow operators to detect and audit direct component access using log analysis tools.

How does this change address the issue?

Each nginx config template now includes:

• map directives that detect the presence of X-Trusted-Proxy and X-DAB-JW-TOKEN headers
• A log_format that appends rid=$request_id, $trusted_proxy_present, and $dab_jwt_present markers
• Explicit access_log /dev/stdout main; and error_log /dev/stderr warn; for consistent logging

The upstream default ingress_type: none is already correct for AAP deployments (no direct routes created).

Does this change introduce any new dependencies, blockers or breaking changes?

No new dependencies. This is additive to the log format. Compatible with PR #317 (AAP-65231) which also adds rid=$request_id and stdout/stderr logging.

How it can be tested?

1. Deploy EDA with the operator
2. Check nginx access logs for the new marker fields
3. Requests through the gateway should show trusted-proxy dab-jwt
4. Direct requests should show - -

Relates-to: AAP-65701, ANSTRAT-1840

[jamesmarshall24]

This PR is broken, fixed with:
TheRealHaoLiu#1

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud