[codex] Fix Twilio signature canonicalization performance

[winhowes]

Summary

Fixes a performance bug in Twilio signature authentication by replacing repeated string concatenation in canonical request construction with a pre-sized strings.Builder.

Root Cause

canonicalString appended form keys and values with += inside nested loops. For large form bodies this repeatedly copied the accumulated string, making canonicalization scale poorly as request size grew.

Changes

• Parse canonical form values from the cached request body instead of calling ParseForm on the request body.
• Build the canonical string with a pre-sized strings.Builder.
• Preserve existing behavior when Request.PostForm is already populated.
• Add regression coverage that canonicalization uses cached body bytes and authentication leaves the body readable for upstream proxying.
• Add a benchmark for large Twilio-style form payloads.

Validation

• go test ./...
• go test ./app/auth/plugins/twilio_signature -run '^$' -bench BenchmarkCanonicalStringLargeForm -benchmem -count=3

Benchmark on Apple M2 Max: about 0.51 ms/op, 591 KB/op, 2036 allocs/op for a 2,000-field form.

[winhowes]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Swish!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".