Middleware vulnerability: Unhandled MontageError bypasses CORS headers #445

@ayushshukla1807

Problem:
Currently, when the backend raises a MontageError or InvalidAction before the endpoint logic completes, the error skips the JSON serialization layer within MessageMiddleware. Because the resulting object bypasses the WSGI CORSMiddleware, it completely drops the CORS headers.

Impact:
Instead of receiving a clean 400 Bad Request with an { "errors": [...] } payload, the Vue frontend experiences a silent, browser-level "Network Error / CORS blocked" rejection. This completely masks the actual error and prevents the frontend from rendering proper alert toasts.

Proposed Solution:
Implement a strict exception trapping layer in MessageMiddleware.endpoint that catches MontageError, forces a 4xx/5xx status code, and wraps it in a standardized JSON payload so the CORS wrapper appends headers successfully.
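The failure and the proposed trap can be reproduced with plain WSGI callables. This is an added example, not code from the Montage repository: `MontageError`, `cors`, `trap_errors`, `endpoint`, `call` and the origin value are constructed stand-ins, and the unhandled case is modelled as an exception escaping the CORS wrapper before any response is started.

```python
import json
from wsgiref.util import setup_testing_defaults

ORIGIN = "https://frontend.example"  # constructed value

class MontageError(Exception):
    """Hypothetical stand-in for the project's error type."""
    status_line = "400 Bad Request"

def cors(app, origin=ORIGIN):
    """Toy CORS wrapper: can only add headers to a response that is started."""
    def wrapped(environ, start_response):
        def start(status, headers, exc_info=None):
            headers = headers + [("Access-Control-Allow-Origin", origin)]
            return start_response(status, headers, exc_info)
        return app(environ, start)
    return wrapped

def trap_errors(app):
    """Inner layer: turn MontageError into a JSON error response."""
    def wrapped(environ, start_response):
        try:
            return app(environ, start_response)
        except MontageError as exc:
            body = json.dumps({"errors": [str(exc)]}).encode("utf-8")
            start_response(exc.status_line, [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
    return wrapped

def endpoint(environ, start_response):
    """Constructed endpoint that fails before producing a response."""
    raise MontageError("invalid action")

def call(app):
    """Drive a WSGI app once; return (status, headers, body)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    try:
        body = b"".join(app(environ, start_response))
    except MontageError:
        # The server would emit its own error page here, with no CORS header.
        return None, {}, b""
    return seen["status"], seen["headers"], body
```

`call(cors(endpoint))` yields no status and no headers, while `call(cors(trap_errors(endpoint)))` yields a 400 with both the JSON body and `Access-Control-Allow-Origin`. The trap only covers errors raised before the response is started; an error raised while the body iterator is being consumed needs separate handling.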
