fix(security): add @Valid constraints on AddItemRequest to prevent oversized input

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/test/java/com/recipeapp/shopping/ShoppingListControllerTest.java

@@ -159,4 +159,14 @@ class ShoppingListControllerTest {
                         .principal(() -> "sarah@example.com"))
                 .andExpect(status().isNoContent());
     }
+
+    @Test
+    void addItemShouldReturn400WhenCustomNameIsBlank() throws Exception {
+        mockMvc.perform(post("/v1/shopping-lists/{id}/items", LIST_ID)
+                        .principal(() -> "sarah@example.com")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(objectMapper.writeValueAsString(
+                                new AddItemRequest(null, "  ", new BigDecimal("1"), ""))))
+                .andExpect(status().isBadRequest());
+    }
 }