feat: validate JS Recon endpoints before graph ingest

[gbxbgbl]

Summary

• Adds endpoint validation for JS Recon candidates before they are written into the graph, while preserving raw endpoint candidates in the JS Recon JSON output.
• Exposes accepted status codes and probe-only custom headers in project settings and the JS Recon UI.
• Stores validation metadata on graph Endpoint nodes and adds regression coverage for filtered graph ingestion.

Type of Change

• Bug fix
• New feature
• Refactor (no behavior change)
• Documentation
• Test

Component(s)

• webapp (Next.js)
• recon-orchestrator (Python)
• agent (Python)
• kali-sandbox / MCP servers
• docs / wiki
• other: ___

How to Test

1. Run python -m py_compile recon\\main_recon_modules\\js_recon.py recon\\project_settings.py graph_db\\mixins\\recon\\js_recon_mixin.py recon\\tests\\test_js_recon.py tests\\test_js_recon_graph_ingestion.py.
2. Run python -m unittest tests.test_js_recon_graph_ingestion -q.
3. Run git diff --check master..HEAD.
4. Optional local dependency checks: python recon\\tests\\test_js_recon.py, npm run type-check in webapp/, and npx --yes vitest run src/lib/recon-preset-schema.test.ts in webapp/.

Checklist

• I have tested this change locally with docker compose
• I have not included real-world target data
• My commits follow Conventional Commits
• I have read and agree to the DISCLAIMER.md

Screenshots

Not included.

Related Issues

Relates to JS Recon graph pollution from unreachable extracted endpoints.