chore(iast): refactor iast request context by core.context

[avara1986]

This PR continues the work Christophe started in PR #10899, focusing on a refactor of the IAST context. Key highlights of this refactor include:

• Similar to PR chore(asm): refactor replacing old asm_request context by core.context #10899, an IASTEnvironment class has been introduced, which contains request_enabled and IastSpanReporter. These no longer depend on spans, only on the core context.
• The IAST context is still created in the Span Processor on_span_start.
• The context now finalizes with with core.context_with_data, and when the WSGI request ends, it calls the listener context.ended.wsgi.__call__. Previously, when calling Span Processor on_span_finish, the context was sometimes lost. Now, it ensures that the context hasn’t already been reported to avoid this issue, as seen in cases like the Django tests, where Span Processor.on_span_finish is called instead of context.ended.wsgi.__call__.
• The thread_local struct ThreadContextCache_ has been temporarily removed to align C++ context behavior with Python’s. This is reflected in the test test_oce_concurrent_requests_futures_in_spans. That is a rollback of fix(iast): improve overhead control logic #8452.
• The function _patched_fastapi_function and Header patching was removed due to an error in FastAPI v0.92
• Additional validation points have been added for is_iast_request_enabled to avoid unnecessary operations.
• The logic from AppSecIastSpanProcessor.is_span_analyzed has been moved to is_iast_request_enabled.
• _asm_request_context.listen has been renamed to _asm_request_context.asm_listen to avoid confusion with other listen methods.
• _asm_request_context.in_context has been renamed to _asm_request_context.in_asm_context to differentiate it from in_iast_context.
• The import of DDWaf_result from ddtrace.appsec._ddwaf has been moved inside the if TYPE_CHECKING block to prevent circular imports caused by this refactor.
• IAST wrappers: check if wrapped function has a func to skip RecursionError: maximum recursion depth exceeded in comparison in some Python versions https://gitlab.ddbuild.io/DataDog/apm-reliability/dd-trace-py/-/jobs/668530031

Tests:

• All IAST tests have been refactored to accommodate the new way of creating and using the context.
• The test test_weak_hash_new_with_child_span has been removed because we no longer depend on spans or child spans.
• The deprecated attribute oce._enabled = True has been removed.
• An IAST test in tests/tracer/test_trace_utils.py had to be updated and was moved to taint_sinks/test_insecure_cookie.py, so it requires validation from the @DataDog/apm-sdk-api-python team.
• Context creation/finalization has been updated in the benchmarks, requiring validation from the @DataDog/apm-core-python team.

Checklist

• PR author has checked that all the criteria below are met
• The PR description includes an overview of the change
• The PR description articulates the motivation for the change
• The change includes tests OR the PR description describes a testing strategy
• The PR description notes risks associated with the change, if any
• Newly-added code is easy to change
• The change follows the library release note guidelines
• The change includes or references documentation updates if necessary
• Backport labels are set (if applicable)

Reviewer Checklist

• Reviewer has checked that all the criteria below are met
• Title is accurate
• All changes are related to the pull request's stated goal
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Newly-added code is easy to change
• Release note makes sense to a user of the library
• If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[gnufede]

Suggested change

	# log_messages = [record.message for record in caplog.get_records("call")]
	# if not any(message.startswith("[IAST] no vulnerability quota") for message in log_messages):
	# pytest.fail()

[gnufede]

Maybe create a Jira task instead?

[gnufede]

Is this be related to the FastAPI issue? Maybe just remove it?

Suggested change

	# try_wrap_function_wrapper(
	# "starlette.datastructures",
	# "Headers.__getitem__",
	# functools.partial(if_iast_taint_returned_object_for, OriginType.HEADER),
	# )
	# try_wrap_function_wrapper(
	# "starlette.datastructures",
	# "Headers.get",
	# functools.partial(if_iast_taint_returned_object_for, OriginType.HEADER),
	# )
	# try_wrap_function_wrapper(
	# "fastapi",
	# "Header",
	# functools.partial(_patched_fastapi_function, OriginType.HEADER),
	# )
	# _set_metric_iast_instrumented_source(OriginType.HEADER)

[gnufede]

This comment is now far from the logic it explains