Add security response id to AppSec blocking response

[y9v]

What does this PR do?
This PR adds rendering of unique security response identifier in the response when AppSec blocks the request.

Motivation:
This unique identifier, introduced in libddwaf v1.28.0, can be used to correlate blocked requests with logs, traces, and security events.

Change log entry
Yes. AppSec: Add unique security response identifier in the response body for blocked requests.

Additional Notes:
APPSEC-59951.

How to test the change?
CI and manual testing.

[github-actions]

Typing analysis

Note: Ignored files are excluded from the next sections.

Untyped methods

This PR introduces 1 partially typed method, and clears 1 partially typed method.

Partially typed methods (+1-1)

❌ Introduced:

sig/datadog/appsec/response.rbs:12
└── def to_rack: () -> ::Array[untyped]

✅ Cleared:

sig/datadog/appsec/response.rbs:10
└── def to_rack: () -> ::Array[untyped]

If you believe a method or an attribute is rightfully untyped or partially typed, you can add # untyped:accept to the end of the line to remove it from the stats.

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-11-17 15:53:38

Comparing candidate commit 7ecc8d0 in PR branch appsec-add-security-response-id-to-blocking-response with baseline commit 49cee89 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 44 metrics, 2 unstable metrics.

[datadog-datadog-prod-us1]

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage
• Patch Coverage: 104.00%
• Total Coverage: 98.51% (+0.03%)

View detailed report

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 682849d | Docs | Datadog PR Page | Was this helpful? Give us feedback!}

[Strech]

I left few non-blocking comments with minor improvements