fix: resolve CI lint and buf format failures

- Replace byte() casts with unicode.ToLower in camelToSnake to avoid
  gosec G115 vs nolintlint conflict across golangci-lint versions
- Run buf format on proto files (trailing whitespace, missing EOF newlines,
  comment alignment)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: SebastienMelki

internal/httpgen/generator.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"unicode"
 
 	"google.golang.org/protobuf/compiler/protogen"
 
@@ -887,18 +888,18 @@ func (g *Generator) getPathParams(method *protogen.Method) []string {
 }
 
 func camelToSnake(s string) string {
-	var result []byte
+	var b strings.Builder
 	for i, r := range s {
 		if r >= 'A' && r <= 'Z' {
 			if i > 0 {
-				result = append(result, '_')
+				b.WriteByte('_')
 			}
-			result = append(result, byte(r+'a'-'A')) //nolint:gosec // r is guaranteed ASCII uppercase A-Z
+			b.WriteRune(unicode.ToLower(r))
 		} else {
-			result = append(result, byte(r)) //nolint:gosec // r is guaranteed ASCII lowercase or digit
+			b.WriteRune(r)
 		}
 	}
-	return string(result)
+	return b.String()
 }
 
 // generateErrorResponseFunctions generates error response helper functions.

proto/sebuf/http/annotations.proto

@@ -209,4 +209,4 @@ extend google.protobuf.EnumValueOptions {
   // When set, this value is used for JSON serialization instead of the proto name.
   // Combines with enum_encoding=STRING on fields using this enum.
   optional string enum_value = 50012;
-}
+}

proto/sebuf/http/errors.proto

@@ -23,8 +23,8 @@ message FieldViolation {
   // The field path that failed validation (e.g., "user.email" for nested fields)
   // For header validation, this will be the header name (e.g., "X-API-Key")
   string field = 1;
-  
+
   // Human-readable description of the validation violation
   // (e.g., "must be a valid email address", "required field missing")
   string description = 2;
-}
+}

proto/sebuf/http/headers.proto

@@ -10,22 +10,22 @@ option go_package = "github.com/SebastienMelki/sebuf/http;http";
 message Header {
   // Name of the header parameter
   string name = 1;
-  
+
   // Description of the header parameter
   string description = 2;
-  
+
   // Type of the header parameter (string, integer, number, boolean, array)
   string type = 3;
-  
+
   // Whether the header is required
   bool required = 4;
-  
+
   // Schema format (e.g. "uuid", "email", "date-time")
   string format = 5;
-  
+
   // Example value for the header
   string example = 6;
-  
+
   // Whether the header is deprecated
   bool deprecated = 7;
 }
@@ -50,4 +50,4 @@ extend google.protobuf.ServiceOptions {
 // Extension for method-level headers
 extend google.protobuf.MethodOptions {
   MethodHeaders method_headers = 50006;
-}
+}

proto/sebuf/krakend/krakend.proto

@@ -80,30 +80,30 @@ enum JWTAlgorithm {
   JWT_ALGORITHM_UNSPECIFIED = 0;
 
   // RSA PKCS#1 v1.5 with SHA-256/384/512. Most common for Auth0, Okta, etc.
-  JWT_ALGORITHM_RS256 = 1;   // JSON: "RS256"
-  JWT_ALGORITHM_RS384 = 2;   // JSON: "RS384"
-  JWT_ALGORITHM_RS512 = 3;   // JSON: "RS512"
+  JWT_ALGORITHM_RS256 = 1; // JSON: "RS256"
+  JWT_ALGORITHM_RS384 = 2; // JSON: "RS384"
+  JWT_ALGORITHM_RS512 = 3; // JSON: "RS512"
 
   // HMAC with SHA-256/384/512. Symmetric — same secret signs and verifies.
   // Use only when the signing secret can be securely shared with KrakenD.
-  JWT_ALGORITHM_HS256 = 4;   // JSON: "HS256"
-  JWT_ALGORITHM_HS384 = 5;   // JSON: "HS384"
-  JWT_ALGORITHM_HS512 = 6;   // JSON: "HS512"
+  JWT_ALGORITHM_HS256 = 4; // JSON: "HS256"
+  JWT_ALGORITHM_HS384 = 5; // JSON: "HS384"
+  JWT_ALGORITHM_HS512 = 6; // JSON: "HS512"
 
   // ECDSA with P-256/P-384/P-521 curves and SHA-256/384/512.
   // Smaller keys than RSA with equivalent security.
-  JWT_ALGORITHM_ES256 = 7;   // JSON: "ES256"
-  JWT_ALGORITHM_ES384 = 8;   // JSON: "ES384"
-  JWT_ALGORITHM_ES512 = 9;   // JSON: "ES512"
+  JWT_ALGORITHM_ES256 = 7; // JSON: "ES256"
+  JWT_ALGORITHM_ES384 = 8; // JSON: "ES384"
+  JWT_ALGORITHM_ES512 = 9; // JSON: "ES512"
 
   // RSA-PSS with SHA-256/384/512. More secure padding than PKCS#1 v1.5.
-  JWT_ALGORITHM_PS256 = 10;  // JSON: "PS256"
-  JWT_ALGORITHM_PS384 = 11;  // JSON: "PS384"
-  JWT_ALGORITHM_PS512 = 12;  // JSON: "PS512"
+  JWT_ALGORITHM_PS256 = 10; // JSON: "PS256"
+  JWT_ALGORITHM_PS384 = 11; // JSON: "PS384"
+  JWT_ALGORITHM_PS512 = 12; // JSON: "PS512"
 
   // Edwards-curve Digital Signature Algorithm (Ed25519).
   // High performance, small signatures.
-  JWT_ALGORITHM_EDDSA = 13;  // JSON: "EdDSA"
+  JWT_ALGORITHM_EDDSA = 13; // JSON: "EdDSA"
 }
 
 // ---------------------------------------------------------------------------