Return 400 for search requests without identifiers

[puneetdixit200]

Summary

Fixes #5367.

POST /search now validates that the request includes at least one memory scope identifier before calling Memory.search(). After merging deprecated top-level user_id, agent_id, and run_id values into filters, the route returns 400 Bad Request when none of those identifiers is present instead of letting the backend raise and mapping that client error to a generic upstream 502.

The route also lets intentional FastAPI HTTPExceptions pass through the broad upstream error wrapper, and the regression test verifies that invalid search requests do not call the memory backend.

Testing

AUTH_DISABLED=true PYTHONPATH=server:. uv run --extra test --with-requirements server/requirements.txt --with 'psycopg[binary]' pytest tests/test_server_params.py -q
uv run --extra dev ruff check server/main.py tests/test_server_params.py
uv run --extra dev ruff format --check server/main.py
git diff --check

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

Deepak kudi seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}