Fix audit middleware to always restore request body

[jhrozek]

A small bug I found when testing the vMCP audit middleware manually like a caveman made me forget to set an explicit maxDataSize - turns out that auditing didn't work without the data size being set explicitly at all.

The audit middleware was consuming the request body but only restoring it when the body size was within MaxDataSize. This caused downstream handlers to receive an empty body when the size limit was exceeded.

The original condition appears to have been a bug rather than intentional:

• The comment "Restore the body for the next handler" indicates the intent was to always restore the body for downstream handlers
• The response writer in the same file handles oversized data correctly by stopping capture but still writing through to the underlying writer
• The consequence was silently broken requests when body exceeded MaxDataSize

Now the body is always restored after reading, and size checking only affects whether the data is captured for audit logging. This matches the pattern used for response data capture.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.82%. Comparing base (23bf796) to head (80be37d).
⚠️ Report is 30 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3060   +/-   ##
=======================================
  Coverage   56.82%   56.82%           
=======================================
  Files         335      335           
  Lines       33464    33465    +1     
=======================================
+ Hits        19017    19018    +1     
  Misses      12856    12856           
  Partials     1591     1591           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.