fix: return 400 for malformed JSON bodies

[CleanDev-Fix]

Summary

Fixes #138 by mapping malformed JSON body-parser failures to a structured 400 invalid_request response instead of the generic 500 internal_error fallback.

Changes

• Detect entity.parse.failed and SyntaxError parser failures carrying HTTP 400 status in the terminal error handler.
• Return a stable Malformed JSON request body message without echoing parser internals, body snippets, or stack traces.
• Move request-id middleware before express.json() so parser failures preserve the standard requestId envelope.
• Add regression coverage for truncated JSON, trailing comma JSON, non-JSON text, valid JSON, oversized payloads, and genuine 500 errors.
• Document malformed JSON error behavior in the README.

Testing/Verification

• npm run lint
• npm run build
• npx prettier --check README.md src/middleware/index.ts src/routes/errors.ts src/malformed-json.test.ts
• $env:NODE_ENV='test'; node --test dist/*.test.js dist/**/*.test.js (75/75 passing)

Note: On Windows, the existing npm test script fails before executing tests because it uses Unix-style NODE_ENV=test; the equivalent command above ran the full compiled test suite.

Fixes #138

[mikewheeleer]

thanks for the effort @CleanDev-Fix! 🙏 issue #138 isn't assigned to you, and we merge from the assigned contributor to keep the campaign fair. please claim an open unassigned issue first, then open your PR. closing for now — hope to see it back 🙌