fix(appsec/jetty): cover Jetty 10.0.0-10.0.9 and close PartHelper InputStream

- jetty-appsec-9.4: extend muzzle to also cover Jetty 10.0.0–10.0.9, which were
  previously a gap. In those versions _multiParts is typed MultiPartFormInputStream
  (not MultiParts); the primary Reference spec matches 9.4.10+ and 10.0.10+, and an
  OrReference alternative matches 10.0.0–10.0.9. The GetFilenamesAdvice already uses
  typing=DYNAMIC so no advice changes are needed.

- jetty-appsec-8.1.3 PartHelper: wrap part.getInputStream() in try-with-resources to
  avoid leaking file descriptors on file-backed multipart form fields.

Author: jandro996

dd-java-agent/instrumentation/jetty/jetty-appsec/jetty-appsec-8.1.3/src/main/java/datadog/trace/instrumentation/jetty8/PartHelper.java

@@ -94,8 +94,7 @@ static String filenameFromPart(Part part) {
   }
 
   private static String readPartContent(Part part) {
-    try {
-      InputStream is = part.getInputStream();
+    try (InputStream is = part.getInputStream()) {
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       byte[] buf = new byte[4096];
       int read;

dd-java-agent/instrumentation/jetty/jetty-appsec/jetty-appsec-9.4/build.gradle

@@ -5,6 +5,14 @@ muzzle {
     module = 'jetty-server'
     versions = '[9.4.10,10.0)'
   }
+  pass {
+    name = 'early_10_series'
+    group = 'org.eclipse.jetty'
+    module = 'jetty-server'
+    // _multiParts: MultiPartFormInputStream (before 10.0.10 switched to MultiParts)
+    versions = '[10.0.0,10.0.10)'
+    javaVersion = 11
+  }
   pass {
     name = '10_series'
     group = 'org.eclipse.jetty'

dd-java-agent/instrumentation/jetty/jetty-appsec/jetty-appsec-9.4/src/main/java/datadog/trace/instrumentation/jetty94/RequestExtractContentParametersInstrumentation.java

@@ -58,10 +58,11 @@ public void methodAdvice(MethodTransformer transformer) {
         getClass().getName() + "$GetFilenamesFromMultiPartAdvice");
   }
 
-  // Discriminates Jetty [9.4.10, 10.0) and [10.0.10, 11.0):
+  // Discriminates Jetty [9.4.10, 10.0) + [10.0.0, 11.0):
   //  - _contentParameters + extractContentParameters(void) exist from 9.3+ (excludes 9.2)
-  //  - _multiParts: MultiParts exists in 9.4.10+ and 10.0.10+ (excludes early 9.4.x covered by
-  //    jetty-appsec-9.3, and excludes 10.0.0–10.0.9 where _multiParts is MultiPartFormInputStream)
+  //  - _multiParts field exists from 9.4.10+ (excludes 9.3.x–9.4.9 covered by jetty-appsec-9.3)
+  //    - primary spec: _multiParts: MultiParts   → matches 9.4.10–9.4.x and 10.0.10+
+  //    - OR spec:      _multiParts: MultiPartFormInputStream → matches 10.0.0–10.0.9
   //  - _dispatcherType: Ljavax/servlet/DispatcherType; in the Request bytecode (excludes Jetty 11+
   //    where the field descriptor is Ljakarta/servlet/DispatcherType;). This check is tied to the
   //    Request.class bytecode, NOT just classpath presence, so it works even when both
@@ -73,6 +74,15 @@ public void methodAdvice(MethodTransformer transformer) {
           .withField(new String[0], 0, "_contentParameters", MULTI_MAP_INTERNAL_NAME)
           .withField(new String[0], 0, "_multiParts", "Lorg/eclipse/jetty/server/MultiParts;")
           .withField(new String[0], 0, "_dispatcherType", "Ljavax/servlet/DispatcherType;")
+          .or()
+          .withMethod(new String[0], 0, "extractContentParameters", "V")
+          .withField(new String[0], 0, "_contentParameters", MULTI_MAP_INTERNAL_NAME)
+          .withField(
+              new String[0],
+              0,
+              "_multiParts",
+              "Lorg/eclipse/jetty/server/MultiPartFormInputStream;")
+          .withField(new String[0], 0, "_dispatcherType", "Ljavax/servlet/DispatcherType;")
           .build();
 
   @Override