UUID-validate anon-reachable inputs
Security

Four API routes that accept IDs from anonymous callers now hard-validate the UUID shape before touching Postgres. Bad input gets a clean 400 instead of bubbling up as a Postgres syntax error. Tightens up the public surface against fuzzing.
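The validate-before-query pattern described in this entry, as an added example that is not the project's own code: `isUuid`, `handleGetItem` and `fakeDb` are hypothetical names, and the IDs and row are constructed sample data.

```javascript
// Added example; all names here are hypothetical, not the project's API.
// Strict canonical 8-4-4-4-12 hex form. Postgres's uuid type also accepts
// other spellings (braces, missing hyphens); this check rejects those too,
// so only one shape ever reaches the database.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function isUuid(value) {
  // The typeof guard matters: RegExp.test() stringifies its argument, so a
  // one-element array from a query parser (?id[]=...) would otherwise pass.
  return typeof value === "string" && UUID_RE.test(value);
}

// Constructed stand-in for a Postgres client. It fails on non-UUID text the
// way a uuid comparison does (SQLSTATE 22P02, invalid_text_representation).
const fakeDb = {
  calls: 0,
  findById(id) {
    this.calls += 1;
    if (!UUID_RE.test(String(id))) {
      const err = new Error(`invalid input syntax for type uuid: "${id}"`);
      err.code = "22P02";
      throw err;
    }
    return { id, name: "constructed row" };
  },
};

// Handler for an anonymous-reachable route: validate first, query second.
function handleGetItem(params, db) {
  if (!isUuid(params.id)) {
    // Fixed message: never echo the input or any database error text.
    return { status: 400, body: { error: "invalid id" } };
  }
  return { status: 200, body: db.findById(params.id) };
}
```
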