refactor: HTTP checker 质量加固

- failure actual 截断格式改为 …(共 N 字符)，标量不序列化直接返回
- 新增 redos.ts 实现 ReDoS 静态检测（嵌套量词/重叠交替），启动期拒绝危险正则
- JSON body rules 共享同一次 JSON.parse 结果，避免重复解析
- checkCssRule 重构为线性流程，消除 exist:true 与无 operator 的冗余分支
- extract checkEarlyTimeout 辅助函数，明确提前 duration 检查意图
- 补充 303/307/308 重定向、相对路径 Location、混合 body rules 集成测试

src/server/checker/expect/validate-operator.ts

@@ -3,6 +3,7 @@ import type { JsonValue } from "../types";
 
 import { OperatorKeys } from "../schema/fragments";
 import { issue, joinPath } from "../schema/issues";
+import { isUnsafeRegex } from "./redos";
 
 const OPERATOR_KEY_SET = new Set<string>(OperatorKeys);
 
@@ -70,10 +71,10 @@ export function validateOperatorValue(
       if (typeof value !== "string") return [issue("invalid-type", path, "必须为字符串", targetName)];
       try {
         new RegExp(value);
-        return [];
       } catch {
         return [issue("invalid-regex", path, "正则不合法", targetName)];
       }
+      return isUnsafeRegex(value) ? [issue("unsafe-regex", path, "正则存在 ReDoS 风险", targetName)] : [];
     default:
       return [issue("unknown-operator", path, "是未知 operator", targetName)];
   }