
fix(fetch): prefer filename* over filename in multipart form-data #5068

Merged
mcollina merged 1 commit into nodejs:main from
maruthang:fetch/issue-4661-formdata-filename-star
Apr 19, 2026

@maruthang
Contributor

This relates to...

Closes #4661

Rationale

When a multipart/form-data Content-Disposition header carries both the legacy filename parameter and the RFC 5987 extended filename* parameter, RFC 5987 §4.1 requires the extended form to take precedence regardless of the order the two parameters appear in:

When the same parameter name is defined both in non-extended and extended notation, the latter is preferred.

The previous parser simply assigned filename to whichever attribute was seen last, so a legacy filename appearing after filename* would clobber the percent-decoded extended value. The original bug report (#4661) used a payload generated by the C# HTTP client which emits both attributes in that order — pre PR #4662 the parser threw expected CRLF; after PR #4662 it parses successfully but ignores the filename* value.

This change tracks whether filename was sourced from the extended form and refuses to overwrite it with a subsequent legacy filename, so the extended value is always used when both are present.

The maintainer follow-up on the issue specifically requested:

  • A test that explicitly ensures filename* is parsed correctly
  • A test that ensures that without filename, parsing still succeeds
  • A test that ensures filename* takes priority over filename when both are present

All three are added in test/busboy/issue-4661.js, plus tests for both attribute orderings and a percent-encoded UTF-8 value (%E2%82%AC).

Changes

Features

N/A

Bug Fixes

  • lib/web/fetch/formdata-parser.js: parseContentDispositionAttribute now reports whether the attribute used the extended (*) notation, and the content-disposition header handler keeps the extended filename* value even when a legacy filename follows it.
  • test/busboy/issue-4661.js — regression coverage for the original payload, filename-only, filename*-only, both orderings, and percent-encoded UTF-8.

Breaking Changes and Deprecations

None.

Status

When a multipart/form-data Content-Disposition header carries both the
legacy `filename` parameter and the RFC 5987 extended `filename*`
parameter, RFC 5987 §4.1 requires the extended form to win regardless of
the order the two parameters appear in. The previous implementation
simply assigned the latest value seen, so a `filename` appearing after
`filename*` would clobber the percent-decoded extended value.

Track whether `filename` was sourced from the extended form and ignore
any subsequent legacy `filename` so the extended value is always used
when both are present.

Adds regression tests for the original bug payload, filename-only,
filename*-only, both orders of the two attributes, and a
percent-encoded UTF-8 value.

Closes: nodejs#4661
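
The precedence rule described in this PR, as an added JavaScript sketch that is not undici's parser and not code from the PR. The function names, the returned object shape and the fallback to a legacy `filename` when `filename*` fails to decode are assumptions made for illustration.

```javascript
// Added illustration (hypothetical names), not undici's formdata-parser.js.

// Decode an RFC 5987 ext-value of the form  charset'language'pct-encoded.
// Only UTF-8 is accepted here; anything else yields null.
function decodeExtValue (raw) {
  const m = /^([^']+)'([^']*)'(.*)$/.exec(raw)
  if (m === null || m[1].toLowerCase() !== 'utf-8') return null
  try {
    return decodeURIComponent(m[3])
  } catch {
    return null // malformed percent-encoding or invalid UTF-8
  }
}

// Returns { name, filename, filenameIsExtended } for one header value.
function parseFormDataDisposition (value) {
  const result = { name: null, filename: null, filenameIsExtended: false }
  // Matches  ; key="quoted"  or  ; key=token  (key may end in '*').
  const param = /;\s*([^\s=;*]+\*?)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s]*))/g
  for (const [, rawKey, quoted, token] of value.matchAll(param)) {
    const key = rawKey.toLowerCase()
    const val = quoted !== undefined ? quoted.replace(/\\(.)/g, '$1') : token
    if (key === 'name') {
      result.name = val
    } else if (key === 'filename*') {
      const decoded = decodeExtValue(val)
      // Assumption: an undecodable filename* is ignored, not fatal.
      if (decoded !== null) {
        result.filename = decoded
        result.filenameIsExtended = true
      }
    } else if (key === 'filename' && !result.filenameIsExtended) {
      // A legacy filename never overwrites an extended one already seen,
      // so the outcome does not depend on attribute order.
      result.filename = val
    }
  }
  return result
}

// Constructed sample headers (not the payload from issue #4661).
const samples = [
  `form-data; name="f"; filename*=UTF-8''%E2%82%AC.txt; filename="legacy.txt"`,
  `form-data; name="f"; filename="legacy.txt"; filename*=UTF-8''%E2%82%AC.txt`,
  `form-data; name="f"; filename="legacy.txt"`
]
for (const s of samples) console.log(parseFormDataDisposition(s).filename)
```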
@mcollina mcollina requested a review from KhafraDev April 19, 2026 13:11
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.10%. Comparing base (e1211a5) to head (0c43ee5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5068      +/-   ##
==========================================
- Coverage   93.10%   93.10%   -0.01%     
==========================================
  Files         110      110              
  Lines       35788    35799      +11     
==========================================
+ Hits        33322    33331       +9     
- Misses       2466     2468       +2     


@mcollina mcollina merged commit f6c5dda into nodejs:main Apr 19, 2026
35 checks passed
mcollina pushed a commit that referenced this pull request Apr 29, 2026
@github-actions github-actions Bot mentioned this pull request May 1, 2026

Development

Successfully merging this pull request may close these issues.

Allow form-data with filename and filename*

4 participants