feat: add SkipMethodNotAllowedMiddleware option

[goingforstudying-ctrl]

Add Engine.SkipMethodNotAllowedMiddleware flag that, when enabled, prevents global middleware from running on 405 Method Not Allowed responses. This allows NoMethod handlers to respond correctly without being intercepted by middleware such as authentication or checksum validation that would otherwise reject the request first.

Fixes #4189

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.38%. Comparing base (3dc1cd6) to head (cd916b6).
⚠️ Report is 281 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4687      +/-   ##
==========================================
- Coverage   99.21%   98.38%   -0.83%     
==========================================
  Files          42       48       +6     
  Lines        3182     3163      -19     
==========================================
- Hits         3157     3112      -45     
- Misses         17       42      +25     
- Partials        8        9       +1     

Flag	Coverage Δ
	?
--ldflags="-checklinkname=0" -tags sonic	98.37% <100.00%> (?)
-tags go_json	98.31% <100.00%> (?)
-tags nomsgpack	98.36% <100.00%> (?)
go-1.18	?
go-1.19	?
go-1.20	?
go-1.21	?
go-1.25	98.38% <100.00%> (?)
go-1.26	98.38% <100.00%> (?)
macos-latest	98.38% <100.00%> (-0.83%)	⬇️
ubuntu-latest	98.38% <100.00%> (-0.83%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[goingforstudying-ctrl]

Pushed fix: bumped quic-go to v0.59.1 to resolve CVE-2026-40898 (MEDIUM). Trivy scan should now pass.