Wrong `Content-Type` Causes 500

[thehabes]

JSON request body with text/plain header will do it.

Load Test Evidence (Run 4, Phase 8 — Fuzzing)

From k6 Phase 8e (header manipulation):

• POST /v1/api/create with valid JSON body but Content-Type: text/plain → 500
• No stack trace leaked in response

This was also accompanied by a connection reset by peer error from k6, suggesting the Express process may be crashing/restarting mid-response rather than gracefully returning an error. This overlaps with #248 (connection reset on bad headers).

Expected: 400 Bad Request or 415 Unsupported Media Type.