fix(friend): add BaseRequest body param to 6 body-less actions

ShadowverseTranslationMiddleware throws InvalidOperationException when
a Unity client posts an encrypted msgpack body to an action with zero
[FromBody] parameters — it has no target type for the deserializer.
Tests pass because they post JSON directly with no UnityPlayer UA and
the middleware short-circuits. Same defect already fixed on /replay/info
in 216dcab; this catches up the friend system shipped 2026-06-09.

Fixed actions: info, receive_apply_info, send_apply_info,
played_together_info, reject_apply_all, cancel_apply_all.

Tests updated to post the BaseRequest auth fields so [ApiController]
model validation passes (BaseRequest.ViewerId is non-nullable string).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

SVSim.EmulatedEntrypoint/Controllers/FriendController.cs

@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Mvc;
 using SVSim.Database.Services.Friend;
 using SVSim.EmulatedEntrypoint.Models.Dtos.Friend;
+using SVSim.EmulatedEntrypoint.Models.Dtos.Requests;
 
 namespace SVSim.EmulatedEntrypoint.Controllers;
 
@@ -17,7 +18,7 @@ public sealed class FriendController : SVSimController
     public FriendController(IFriendService friend) => _friend = friend;
 
     [HttpPost("info")]
-    public async Task<ActionResult<FriendInfoResponse>> Info(CancellationToken ct)
+    public async Task<ActionResult<FriendInfoResponse>> Info([FromBody] BaseRequest _, CancellationToken ct)
     {
         if (!TryGetViewerId(out var viewerId)) return Unauthorized();
         var result = await _friend.GetFriendsAsync(viewerId, ct);
@@ -30,7 +31,7 @@ public sealed class FriendController : SVSimController
     }
 
     [HttpPost("receive_apply_info")]
-    public async Task<ActionResult<ReceiveApplyInfoResponse>> ReceiveApplyInfo(CancellationToken ct)
+    public async Task<ActionResult<ReceiveApplyInfoResponse>> ReceiveApplyInfo([FromBody] BaseRequest _, CancellationToken ct)
     {
         if (!TryGetViewerId(out var viewerId)) return Unauthorized();
         var result = await _friend.GetReceiveAppliesAsync(viewerId, ct);
@@ -42,7 +43,7 @@ public sealed class FriendController : SVSimController
     }
 
     [HttpPost("send_apply_info")]
-    public async Task<ActionResult<SendApplyInfoResponse>> SendApplyInfo(CancellationToken ct)
+    public async Task<ActionResult<SendApplyInfoResponse>> SendApplyInfo([FromBody] BaseRequest _, CancellationToken ct)
     {
         if (!TryGetViewerId(out var viewerId)) return Unauthorized();
         var result = await _friend.GetSendAppliesAsync(viewerId, ct);
@@ -55,7 +56,7 @@ public sealed class FriendController : SVSimController
     }
 
     [HttpPost("played_together_info")]
-    public async Task<ActionResult<PlayedTogetherInfoResponse>> PlayedTogetherInfo(CancellationToken ct)
+    public async Task<ActionResult<PlayedTogetherInfoResponse>> PlayedTogetherInfo([FromBody] BaseRequest _, CancellationToken ct)
     {
         if (!TryGetViewerId(out var viewerId)) return Unauthorized();
         var result = await _friend.GetPlayedTogetherAsync(viewerId, ct);
@@ -109,7 +110,7 @@ public sealed class FriendController : SVSimController
     }
 
     [HttpPost("reject_apply_all")]
-    public async Task<IActionResult> RejectApplyAll(CancellationToken ct)
+    public async Task<IActionResult> RejectApplyAll([FromBody] BaseRequest _, CancellationToken ct)
     {
         if (!TryGetViewerId(out var viewerId)) return Unauthorized();
         await _friend.RejectAllAppliesAsync(viewerId, ct);
@@ -117,7 +118,7 @@ public sealed class FriendController : SVSimController
     }
 
     [HttpPost("cancel_apply_all")]
-    public async Task<IActionResult> CancelApplyAll(CancellationToken ct)
+    public async Task<IActionResult> CancelApplyAll([FromBody] BaseRequest _, CancellationToken ct)
     {
         if (!TryGetViewerId(out var viewerId)) return Unauthorized();
         await _friend.CancelAllAppliesAsync(viewerId, ct);