fix(aws): preserve multi-value response headers in Lambda gateway #915

Open
tom-groves wants to merge 1 commit into nitrictech:main from tom-groves:fix/aws-lambda-multi-value-response-headers

@tom-groves

Summary

Fixes #140 — multi-value response headers (most visibly Set-Cookie) are silently dropped in the AWS Lambda gateway.

  • handleHttpProxyRequest and handleApiGatewayRequest flatten response headers into map[string]string, so Go map key uniqueness silently discards all but one value per header name
  • Both functions return APIGatewayProxyResponse (v1), which is the wrong type for Nitric's v2 HTTP API integration (payload format 2.0)
  • MultiValueHeaders is not viable — API Gateway v2 format 2.0 silently ignores it (CVE-2024-24753)

Fix

  • Add a shared lambdaHeaders helper that routes Set-Cookie values to the dedicated Cookies []string field and comma-folds all other multi-value headers per RFC 9110 §5.3
  • Switch both handler functions (+ error paths) from APIGatewayProxyResponse to APIGatewayV2HTTPResponse
  • Header keys are lowercased at this layer — fasthttp normalises to Title-Case, protobuf headers arrive with arbitrary casing, and API Gateway v2 normalises to lowercase on the wire anyway

Not affected

GCP/Azure use the common HTTP gateway (cloud/common/runtime/gateway/http.go) which correctly calls Header.Add(k, val) in a nested loop.

Test plan

  • Unit tests for lambdaHeaders helper: multiple Set-Cookie, comma-folded multi-value, single-value unchanged, mixed-case normalisation
  • All existing gateway tests pass (go test ./cloud/aws/runtime/gateway/...)
  • Deploy to test environment — verify multiple cookies arrive in browser, check Network tab for comma-joined multi-value headers

handleHttpProxyRequest and handleApiGatewayRequest were flattening
response headers into map[string]string, silently dropping all but
one value for multi-value headers (most visibly Set-Cookie).

Switch to APIGatewayV2HTTPResponse with a shared lambdaHeaders helper
that routes Set-Cookie to the dedicated Cookies []string field and
comma-folds all other multi-value headers per RFC 9110 §5.3.

MultiValueHeaders is not viable — API Gateway v2 format 2.0 silently
ignores it (CVE-2024-24753).

Relates to nitrictech#140
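
An added example, not code from this pull request or the Nitric repository: it contrasts the flattening described in the summary with one way to route Set-Cookie values to a cookies slice and comma-fold everything else. The names `header`, `v2Response`, `flattenLossy` and `foldHeaders` are hypothetical, and `v2Response` is a local stand-in for the `Headers` and `Cookies` fields of `APIGatewayV2HTTPResponse`.

```go
package main

import (
	"fmt"
	"strings"
)

type header struct{ Name, Value string } // one header line; names may repeat

// v2Response is a local stand-in holding only the two fields discussed above.
type v2Response struct {
	Headers map[string]string
	Cookies []string
}

// flattenLossy shows the reported bug: a repeated name overwrites its map slot.
func flattenLossy(in []header) map[string]string {
	out := map[string]string{}
	for _, h := range in {
		out[h.Name] = h.Value
	}
	return out
}

// foldHeaders (hypothetical name): lowercase names, Set-Cookie to Cookies, rest joined by ", ".
func foldHeaders(in []header) v2Response {
	resp := v2Response{Headers: map[string]string{}}
	for _, h := range in {
		key := strings.ToLower(h.Name)
		if key == "set-cookie" {
			resp.Cookies = append(resp.Cookies, h.Value) // never comma-joined
		} else if prev, seen := resp.Headers[key]; seen {
			resp.Headers[key] = prev + ", " + h.Value
		} else {
			resp.Headers[key] = h.Value
		}
	}
	return resp
}

func main() {
	in := []header{ // constructed input, not captured traffic
		{"Set-Cookie", "session=abc; HttpOnly; Secure"},
		{"Set-Cookie", "csrf=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT"},
		{"Vary", "Accept-Encoding"},
		{"vary", "Origin"},
	}
	fmt.Printf("%q\n%+v\n", flattenLossy(in)["Set-Cookie"], foldHeaders(in))
}
```

The second cookie's `Expires` attribute contains a comma, which is why cookie values are kept as separate entries instead of being folded like `Vary`.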

vercel bot commented Mar 16, 2026

@tom-groves is attempting to deploy a commit to the Nitric Team on Vercel.

A member of the Team first needs to authorize it.

Development

Successfully merging this pull request may close these issues.

Cookies and other Header values being dropped in AWS Lamda
