SK-2813: Python SDK v2 — code quality, security hardening, and message fixes

[saileshwar-skyflow]

Why

• update_log_level was a duplicate of set_log_level on the live client — removed to keep one canonical method
• FileUploadRequest.skyflow_id had no default, forcing callers to always supply it even when the vault assigns the ID — made optional with skyflow_id=None
• Response objects inconsistently named the primary key field — standardised to skyflow_id (snake_case) across Insert, Update, Get, Query, Delete, and Tokenize responses
• errors field was absent on success paths, requiring callers to guard against AttributeError — always present now, set to None when there are no errors
• Several validators used if not x: truthy guards that silently rejected 0, False, and "" as invalid — switched to explicit is None checks
• File handles in service account utilities were not using context managers, risking leaks on error paths
• Magic strings and integers ('clientID', 'urn:ietf:…', 500) were scattered outside constants classes — replaced with CredentialField, JWT, SdkMetricsKey, and HttpStatusCode constants
• is_valid_url accepted http:// URLs, allowing OAuth token exchanges over cleartext (CWE-319); token_uri overrides from options bypassed URL validation entirely
• processed_file_extension from API responses was used unsanitized in output file path construction, enabling path traversal (CWE-22)
• INVALID_UPSERT_OPTIONS_TYPE error message described "cannot be empty" and referenced "table and column objects," neither of which matched the actual validation condition

Outcome

• Single set_log_level() method on the Skyflow client; no duplicate
• FileUploadRequest(table, column_name, ...) works without passing skyflow_id
• All vault responses expose skyflow_id in snake_case; errors is always a field (value is None when clean)
• Validators consistently use is None / is not None guards; 0, False, and "" are no longer falsely rejected
• File handles always closed via context managers
• All credential keys, grant type, metric keys, and HTTP status codes go through named constants
• is_valid_url enforces HTTPS-only; token_uri overrides are validated before use
• Output file paths are constructed from a sanitized extension and confirmed inside the expected directory via os.path.realpath
• INVALID_UPSERT_OPTIONS_TYPE message accurately describes the constraint: upsert must be a non-empty string column name
• All 437 existing tests pass