Standalone AppSec improvements

[gnufede]

trafficstars

Motivation

While chasing down some flakyness, we came out with some improvements to the tests

Changes

• Use /returnheaders endpoint for the initial setup/assert, since it's more lightweight than /requestdownstream, the latter creates two requests instead of 1, adding unnecessary pressure to the weblog.
• Use different trace and parent ids for each test. This way all the spans are not connected to the same parent, and a single test will fail if the spans are not properly flushed, instead of all of them failing together. This is useful for flake investigation.
• Add an assert about the weblog response to make sure it has content before calling json.loads() on it.

Workflow

1. ⚠️ Create your PR as draft ⚠️
2. Work on you PR until the CI passes (if something not related to your task is failing, you can ignore it)
3. Mark it as ready for review
   • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
   • Framework is modified, or non obvious usage of it -> get a review from R&P team

:rocket: Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

• [ ] If PR title starts with [<language>], double-check that only <language> is impacted by the change
• [ ] No system-tests internal is modified. Otherwise, I have the approval from R&P team
• [ ] CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
• [ ] A docker base image is modified?
  • [ ] the relevant build-XXX-image label is present
• [ ] A scenario is added (or removed)?
  • [ ] Get a review from R&P team