fix(BA-5978): strip input/ctx from SchemaValidationFailureInfo.errors

Pydantic v2 ErrorDetails carry the raw invalid input value and
validator-specific ctx. Capturing those verbatim leaks sensitive data
(passwords, tokens, …) into HTTP 400 responses / log output and can
include non-JSON-serializable objects.

Per review (#3224372025), strip the input and ctx keys before storing
in SchemaValidationFailureInfo.errors.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: jopemachine

src/ai/backend/common/types.py

@@ -226,7 +226,19 @@ def build_validation_error(cls, info: SchemaValidationFailureInfo) -> BackendAIE
 
     @classmethod
     def _validation_failure_info(cls, exc: ValidationError) -> SchemaValidationFailureInfo:
-        return SchemaValidationFailureInfo(summary=str(exc), errors=exc.errors())
+        # Strip ``input`` and ``ctx`` per-error entry: those carry the raw
+        # invalid value and validator-specific context, which can contain
+        # sensitive data (passwords, tokens) and non-JSON-serializable
+        # objects. ``str(exc)`` may still embed input values; callers that
+        # log/return ``summary`` should treat it as opaque.
+        sanitized = [
+            cast(
+                ErrorDetails,
+                {k: v for k, v in err.items() if k not in ("input", "ctx")},
+            )
+            for err in exc.errors()
+        ]
+        return SchemaValidationFailureInfo(summary=str(exc), errors=sanitized)
 
     @classmethod
     def model_validate(cls, *args: Any, **kwargs: Any) -> Self: