Return bad request for invalid URI

[fool1280]

• Reject encoded slashes (%2F) in paths: mirrors Envoy's REJECT_REQUEST behavior but a bit stricter; any request with %2F in the path gets a 400 Bad Request response
• Decode %2E before normalization: per RFC 3986 §2.4, percent-encoded unreserved characters (like .) should be decoded before processing, so dot-segments like %2E%2E are properly collapsed by normalize()
• Propagate URISyntaxException from parsePath: instead of silently swallowing parse errors and falling back to a regex, invalid URIs now set a BAD_URI flag on the context and are rejected with a 400
• Remove the fallback regex: deleted URL_REGEX and the manual path-parsing fallback; invalid URIs are now a hard reject rather than a best-effort parse
• Remove opaque URI handling