Forbid extra fields on execution api

[jx2lee]

closes: #44978 related: #44306

---

^ Add meaningful description above Read the Pull Request Guidelines for more information. In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed. In case of a new dependency, check compliance with the ASF 3rd Party License Policy. In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

[jx2lee]

Adding extra field in xcoms/variable datamodels, test passed.. so I added only task_instance test. Do i miss anything? e.g in, TestGetVariable.test_variable_get_from_db, request with params extra fields but test passed (expected this test to fail, but...😭)

    def test_variable_get_from_db(self, client, session):
        Variable.set(key="var1", value="value", session=session)
        session.commit()

        response = client.get("/execution/variables/var1", params={"foo": "bar"})

        assert response.status_code == 200
        assert response.json() == {"key": "var1", "value": "value"}

        # Remove connection
        Variable.delete(key="var1", session=session)
        session.commit()

[jx2lee]

@pierrejeambrun Thanks for sharing issue.

I suggest to consolidate the approach for all of our APIs.

Most likely Bodies / input payloads have forbid_extra=True, but Responses do not. (because this is useful for filtering down a subpart of a model, and this feature is used by some endpoints).

I'll review the shared PR and make adjustments based on it! (Once the above PR is completed..!)

[pierrejeambrun]

One test to remove and we should be good.

[jx2lee]

One test to remove and we should be good.

I'm in gym now, go back to fix soon!

[pierrejeambrun]

Re-running failed job

[jx2lee]

@pierrejeambrun Do i need to modify code?

[pierrejeambrun]

CI is green, merging, thanks.