fix(cost-management): sanitize inputData before Orchestrator forwarding

Construct a clean inputData object with only known fields before forwarding
to the Orchestrator, preventing extra injected fields from passing through
to the workflow execution.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: hardengl

workspaces/cost-management/plugins/cost-management-backend/src/routes/applyRecommendation.ts

@@ -142,7 +142,16 @@ export const applyRecommendation: (options: RouterOptions) => RequestHandler =
           'Content-Type': 'application/json',
           Authorization: `Bearer ${token}`,
         },
-        body: JSON.stringify({ inputData }),
+        body: JSON.stringify({
+          inputData: {
+            clusterName: inputData.clusterName,
+            resourceType: inputData.resourceType,
+            resourceNamespace: inputData.resourceNamespace,
+            resourceName: inputData.resourceName,
+            containerName: inputData.containerName,
+            containerResources: inputData.containerResources,
+          },
+        }),
       });
 
       const contentType = upstreamResponse.headers.get('content-type') || '';