Add telemetry metrics for API Security schema extraction

[y9v]

What does this PR do?
This PR adds reporting of appsec.api_security.request.schema and appsec.api_security.request.no_schema telemetry. One of those metrics must be reported depending of whether the schema was successfully extracted or not.

Motivation:
We want to report more telemetry metrics for AppSec.

Change log entry
None.

Additional Notes:
APPSEC-60123

How to test the change?
CI

[datadog-official]

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
• Patch Coverage: 84.62%
• Overall Coverage: 95.10%

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: ec69065 | Docs | Datadog PR Page | Was this helpful? Give us feedback!}

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-02-13 14:17:06

Comparing candidate commit ec69065 in PR branch appsec-api-security-schema-telemetry with baseline commit 4f22dac in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 44 metrics, 2 unstable metrics.

[Strech]

After discussion we come to the conclusion that some refactoring needed:

1. Update extract schema method to mutate events without disclosing event itself
2. Metric should be counted on schema extraction
3. Absence of the counted metric (via state or other) tracked and added on the metrics export as "no schema"

[github-actions]

Typing analysis

Note: Ignored files are excluded from the next sections.

steep:ignore comments

This PR introduces 1 steep:ignore comment, and clears 1 steep:ignore comment.

steep:ignore comments (+1-1)

❌ Introduced:

lib/datadog/appsec/context.rb:20

✅ Cleared:

lib/datadog/appsec/context.rb:19

[Strech]

A solid change 👍🏼

[Strech]

There is also an option to give entire @state and exporter will figure it out, so we encapsulate it there

[y9v]

this depends on how much we want the telemetry exporter to know about the context state. Probably it's ok?