Rebased onto current main (was 61 commits behind, CONFLICTING) and addressed the failing test_elixir job.

Conflicts resolved:

• lib/.../api/run_controller.ex (show): merged with the new %Lightning.Run{} struct match so we get UUID validation plus the stricter return-shape check.
• lib/.../api/work_orders_controller.ex (show): same pattern for %Lightning.WorkOrder{}.
• lib/.../api/project_controller.ex (show): kept the %Lightning.Projects.Project{} struct match introduced upstream.
• lib/.../api/job_controller.ex (show): switched to the new Jobs.get_job(id, include: [...]) API (no bang, single preload) that landed upstream.
• test/.../api/run_controller_test.exs: kept both the new upstream describe "show" block and this PR's describe "malformed UUID params" block.

Test failure root cause:
The index action in credential_controller.ex had an else clause that handled nil and {:error, :unauthorized} but not {:error, :bad_request}, so Helpers.validate_uuid/1 returning :bad_request for a malformed project_id blew up the with (WithClauseError). Added the missing {:error, :bad_request} -> {:error, :bad_request} arm so it falls through to FallbackController, which already returns 400. Matches the pattern this PR already uses in delete.

The second failure in the prior CI (test list_dataclips_for_job/3 doesn't return a dataclip if the wrong text is entered in Lightning.InvocationTest) is unrelated to this PR (touches no invocation code) - flagging in case it's a known flake.

CI is re-running now.