stop leaking host fingerprint in client correlation id

[Mzack9999]

Plain xid.New() derives its machine bytes from md5(hostname), which rides along on every OAST callback and lets the target (or third-party telemetry like GreyNoise) correlate scans back to the same operator. Keeps the timestamp prefix so format/sortability/server-side validation stay identical.

Closes #1349

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 464026bf-d361-4c19-9385-254a0ca47540

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 1349-anonymous-correlation-id

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jentfoo]

LGTM, thank you for reconsidering this issue