Zod validation resolved

[Tejas-h-blitz]

📋 What does this PR do?

Adds Zod validation for GET /api/products query parameters.

Previously, query params were parsed manually with no validation — page could
be negative, limit had no upper bound, and sort accepted arbitrary strings.
This PR adds an inline Zod validation middleware that sanitizes and coerces all
query params before they reach the handler.

Changes:

• Added productQuerySchema to server/validation/requestSchemas.js
• Added inline safeParse validation middleware to GET /api/products in server/routes/products.js
• Invalid requests now return 400 with field-level error details

🔗 Related Issue

Closes #637

🧪 How was this tested?

Tested manually via browser and curl:

• GET /api/products → 200, defaults applied (page=1, limit=24, sort=productId_asc)
• GET /api/products?page=0 → 400, "page must be at least 1"
• GET /api/products?limit=200 → 400, "limit cannot exceed 100"
• GET /api/products?sort=random → 400, invalid enum value
• GET /api/products?page=2&limit=10&sort=price_desc → 200, correct results

📸 Screenshots (if UI changes)

N/A — backend only change, no UI affected.

✅ Checklist

• I've read the CONTRIBUTING guide
• My code follows the project's style guidelines
• I've tested my changes locally
• I've linked the related issue
• I haven't introduced any new secrets or API keys