chore: configure Traefik X-Request-Id header forwarding (refs #83)

- Add X-Request-Id to access log fields for request correlation
- Add request-id middleware documenting backend UUID generation
- Add X-Request-Id to CORS allowed headers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

config/traefik/dynamic/middleware.yml

@@ -1,5 +1,16 @@
 http:
   middlewares:
+    # Request ID forwarding middleware
+    # Note: Traefik v3 lacks native UUID generation
+    # Backend generates X-Request-Id if not present in request
+    # This middleware ensures the header is forwarded when present
+    request-id:
+      headers:
+        customRequestHeaders:
+          X-Forwarded-Host: "{{ .Request.Host }}"
+        # X-Request-Id forwarded automatically via passthrough
+        # Backend responsibility: generate UUID if header missing
+
     # Security headers middleware
     secure-headers:
       headers:
@@ -33,6 +44,7 @@ http:
           - "Content-Type"
           - "X-Requested-With"
           - "X-Tenant-ID"
+          - "X-Request-Id"
         accessControlAllowMethods:
           - "GET"
           - "POST"

config/traefik/traefik.yml

@@ -68,6 +68,7 @@ accessLog:
         User-Agent: redact
         Authorization: drop
         Cookie: drop
+        X-Request-Id: keep
 
 # Metrics for monitoring
 metrics: