hardening(examples): sanitize UCP self-test exception, drop unused Any import

CodeQL flagged the `/_selftest/ucp` route returning `str(exc)` to the HTTP
response body as information exposure. Match the round-26 sanitization
pattern used in core/store: log the full exception server-side via
logger.exception, expose only `type(exc).__name__` + the structured
verification code to the caller. The error class name is enough for an
operator to triage without revealing internal verification machinery.

Also drop the unused `Any` import from tests/test_ucp.py; the only cast()
target gets retyped to `OperatorVerification` (the actual field type),
which keeps the typed-empty-wins-over-raw test intent intact.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: vvillait88

examples/signed_ucp_merchant.py

@@ -141,4 +141,8 @@ async def selftest() -> JSONResponse:
         verify_ucp_profile(profile, jwks)
         return JSONResponse({"ok": True, "kid": profile["signing_keys"][0]["kid"]})
     except UCPVerificationError as exc:
-        return JSONResponse({"ok": False, "code": exc.code, "message": str(exc)}, status_code=500)
+        logger.exception("UCP self-test verification failed")
+        return JSONResponse(
+            {"ok": False, "code": exc.code, "error": type(exc).__name__},
+            status_code=500,
+        )

tests/test_ucp.py

@@ -1,6 +1,6 @@
 """Tests for build_ucp_profile."""
 
-from typing import Any, cast
+from typing import cast
 
 import pytest
 
@@ -386,7 +386,7 @@ def test_typed_empty_operator_verification_wins_over_raw() -> None:
         allow=True,
         resolved_operator="op_xyz",
         # Empty dict is a valid typed value (means "operator block returned empty").
-        operator_verification=cast("Any", {}),
+        operator_verification=cast("OperatorVerification", {}),
         raw={"operator_verification": {"level": "enhanced", "verified_at": "2026-01-01T00:00:00Z"}},
     )
     profile = build_ucp_profile(**_base_kwargs(), data=result)