chore: simplify and harden security review changes

- Add prompt-injection fencing to _webhook_memory_content (was missing
  the --- BEGIN/END EXTERNAL DATA --- fence applied elsewhere)
- Wrap Content-Length parsing in try/except to avoid 500 on malformed
  header values
- Move _to_gateway_read below imports (was incorrectly placed between
  import blocks) and tighten transformer types
- Replace list-rebuild with deque.popleft in rate limiter for O(expired)
  amortized pruning instead of O(n) per call
- Make organization_id required in send_session_message to prevent
  fail-open cross-tenant check

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/app/services/openclaw/session_service.py

@@ -378,12 +378,11 @@ class GatewaySessionService(OpenClawDBService):
         session_id: str,
         payload: GatewaySessionMessageRequest,
         board_id: str | None,
-        organization_id: UUID | None = None,
+        organization_id: UUID,
         user: User | None,
     ) -> None:
         board, config, main_session = await self.require_gateway(board_id, user=user)
-        if organization_id is not None:
-            self._require_same_org(board, organization_id)
+        self._require_same_org(board, organization_id)
         if user is None:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
         await require_board_access(self.session, user=user, board=board, write=True)