Fix XSS context analyzer edge cases for issue #7086

  1. javascript: URI detection - Now correctly classified as ContextScript instead of ContextAttribute
  2. srcdoc attribute - Now treated as ContextHTMLText for HTML injection

/claim #7086
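To make the two edge cases concrete, here is a minimal context classifier written for this page as an added example; it is not code from this PR or the project's analyzer. The Context names follow the PR description; the canary string, the list of URL-valued attributes and the tag scanner are assumptions. It goes slightly beyond the PR by also treating `on*` event-handler attributes as script context, and it does not model HTML comments or CDATA.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Context is the syntactic position a reflected canary lands in. Names follow
// the PR description; this classifier is illustrative, not the project's code.
type Context int

const (
	ContextUnknown Context = iota
	ContextHTMLText
	ContextAttribute
	ContextScript
)

func (c Context) String() string {
	return [...]string{"ContextUnknown", "ContextHTMLText", "ContextAttribute", "ContextScript"}[c]
}

// Attributes resolved as URLs, where a javascript: scheme runs (assumed list).
var urlAttrs = map[string]bool{
	"href": true, "src": true, "action": true, "formaction": true, "data": true, "xlink:href": true,
}

// The attribute whose value is still open at the end of a tag prefix: name, '=', then an unterminated "…", '…' or bare value.
var lastAttrRe = regexp.MustCompile(`(?i)([a-z][\w:.-]*)\s*=\s*(?:"([^"]*)|'([^']*)|([^\s"'>]*))$`)

// Browsers drop ASCII tab/newline inside URLs, so "java\tscript:" still runs.
var urlNoise = strings.NewReplacer("\t", "", "\n", "", "\r", "")

// openTagStart returns the index of the '<' opening a tag still unclosed at
// the end of s, or -1 when the end of s is text content. Quoted values are
// tracked so a '>' inside one does not end the tag; comments are not modelled.
func openTagStart(s string) int {
	start, quote := -1, byte(0)
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case quote != 0:
			if c == quote {
				quote = 0
			}
		case start >= 0 && (c == '"' || c == '\''):
			quote = c
		case start < 0 && c == '<':
			start = i
		case start >= 0 && c == '>':
			start = -1
		}
	}
	return start
}

// Classify reports the context of the first reflection of canary in body.
func Classify(body, canary string) Context {
	idx := strings.Index(body, canary)
	if idx < 0 {
		return ContextUnknown
	}
	before := body[:idx]
	if tagStart := openTagStart(before); tagStart >= 0 {
		m := lastAttrRe.FindStringSubmatch(before[tagStart:])
		if m == nil {
			return ContextAttribute // inside a tag, but not inside a value
		}
		name := strings.ToLower(m[1])
		value := strings.ToLower(strings.TrimSpace(urlNoise.Replace(m[2] + m[3] + m[4])))
		switch {
		case name == "srcdoc":
			// srcdoc is entity-decoded and parsed as a whole document: HTML injection.
			return ContextHTMLText
		case strings.HasPrefix(name, "on"):
			// Event-handler bodies are JavaScript source.
			return ContextScript
		case urlAttrs[name] && strings.HasPrefix(value, "javascript:"):
			// The reflection sits inside the body of a javascript: URL.
			return ContextScript
		}
		return ContextAttribute
	}
	// Text content: a still-open <script> element makes it JavaScript source.
	lower := strings.ToLower(before)
	if strings.LastIndex(lower, "<script") > strings.LastIndex(lower, "</script") {
		return ContextScript
	}
	return ContextHTMLText
}

func main() {
	// Constructed response reflecting the canary inside a javascript: URL.
	fmt.Println(Classify(`<a href="javascript:zq8k3x">go</a>`, "zq8k3x")) // ContextScript
}
```

The srcdoc case matters because an entity-encoded reflection such as `&lt;img onerror=...&gt;` looks harmless in the raw response but becomes live markup once the browser decodes the attribute and parses it as a document, so an attribute-context payload would be the wrong replay choice there. The tab-stripping replacer is the caveat for the javascript: case: a scheme check that only looks at the raw prefix misses `java\tscript:`, which browsers still execute.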

Summary by CodeRabbit

  • New Features

    • Added XSS detection with HTML-context awareness, canary-based reflection verification, context-aware payload replay, and public analyzer registration.
    • Fuzz analyzers now expose response metadata (body, headers, status code).
    • Thread-safe random generation for analyzers to improve concurrency reliability.
  • Tests

    • Added comprehensive unit tests and benchmarks for XSS context detection and helpers.
  • Chores

    • Enabled the XSS analyzer in the HTTP pipeline.

Claim

Total prize pool $100
Total paid $0
Status Pending
Submitted March 04, 2026
Last updated March 04, 2026

Contributors

a638011 (@a638011), 100%

Sponsors

Bishnu Prasad Sahu (@mebishnusahu0595), $100