feat: Implement strict trace continuation

[giortzisg]

Summary

Implements strict trace continuation to validate org IDs in distributed traces, preventing trace continuation from unknown third-party services.

• Parse org_id from DSN host (e.g., o1 in https://key@o1.ingest.us.sentry.io/123 yields org ID "1")
• Add OrgId config option to manually override DSN-parsed value
• Add StrictTraceContinuation bool config option (default false)
• Propagate sentry-org_id in outgoing baggage via DynamicSamplingContext
• Validate org IDs in Hub.ContinueTrace():
  • Mismatched org IDs always start a new trace (regardless of setting)
  • Missing incoming org_id + StrictTraceContinuation: true -> start new trace
  • Missing incoming org_id + StrictTraceContinuation: false -> continue trace (default behavior)

Changes

Source files:

• src/Sentry/Dsn.cs - Parse org ID from DSN host subdomain
• src/Sentry/SentryOptions.cs - Add StrictTraceContinuation and OrgId options, GetEffectiveOrgId() helper
• src/Sentry/DynamicSamplingContext.cs - Add org_id to outgoing baggage in all DSC factory methods
• src/Sentry/Internal/Hub.cs - Add ShouldContinueTrace() validation logic in ContinueTrace()

Test files:

• test/Sentry.Tests/Protocol/DsnTests.cs - Tests for DSN org ID parsing
• test/Sentry.Tests/HubTests.cs - Comprehensive [Theory] tests for all org ID validation scenarios

Snapshot files:

• Updated 4 API approval snapshot files with new OrgId and StrictTraceContinuation properties

References

• Go implementation: feat: add StrictTraceContinuation option sentry-go#1210
• JS implementation: feat(core): Implement strictTraceContinuation sentry-javascript#16313
• Python implementation: Add org_id support sentry-python#5166

Closes #4963

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

Features ✨

• feat: Implement strict trace continuation by giortzisg in #4981

• feat: Network calls for Session Replay on Android by jamescrosswell in #4860

Fixes 🐛

• fix: Log Warning instead of Error when ratelimited by bitsandfoxes in #4927

Dependencies ⬆️

Deps

• chore(deps): update Native SDK to v0.13.1 by github-actions in #4964
• chore(deps): update Cocoa SDK to v9.5.0 by github-actions in #4944
• chore(deps): update Native SDK to v0.13.0 by github-actions in #4941
• chore(deps): update CLI to v3.2.2 by github-actions in #4943
• chore(deps): update Java SDK to v8.33.0 by github-actions in #4933
• chore(deps): update CLI to v3.2.0 by github-actions in #4805
  • NOTE: Sentry CLI v3 removed support for the legacy API key authentication method. Sentry CLI now only supports authenticating with Auth Tokens. If you are using API key authentication via SentryApiKey, you need to generate an Auth Token and use SentryAuthToken, instead.
• chore(deps): update Cocoa SDK to v9.4.1 by github-actions in #4928
• chore(deps): update Native SDK to v0.12.8 by github-actions in #4929
• Apps built using the Sentry SDK for .NET must now target iOS version 15 or higher. Previously only version 13 or higher was required. (#4781) by github-actions in #4781
• Bump Cocoa SDK from v8.57.3 to v9.2.0 (#4781) by github-actions in #4781
  • changelog
  • diff
• chore(deps): update Native SDK to v0.12.7 by github-actions in #4920

Other

• test(blazor): Add Playwright E2E tests for navigation breadcrumbs by bruno-garcia in #4908
• test(android): Use volatile to produce SIGSEGV in native crash test by jpnurmi in #4919

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

	Messages
📖	Do not forget to update Sentry-docs with your feature once the pull request gets approved.

Generated by 🚫 dangerJS against b178f46