Fix PHP 8 compatibility and harden requests

[allrude]

1. Improve PHP 8 compatibility and harden request/error handling

This PR improves PHP 8.x compatibility and hardens a few request/error-handling paths in the Magento 2 module.

In Service/PostcodeApiClient.php, the invalid-JSON path used:

sprintf('Invalid JSON response from the server for request: `%s`.' . $url)

preserves the intended exception flow
avoids unexpected fatal errors on malformed API responses
improves compatibility with PHP 8.1 through 8.5

2. Prevent unsupported ISO-2 country codes from causing a `TypeError

In `Helper/ApiClientHelper.php`, `validateAddress()` converts 2-letter country codes to ISO-3 before calling the strictly typed API client.

On PHP 8.1+, that can result in a `TypeError` instead of a clean "Country not supported" error.

This PR adds an explicit null check and throws a `BadRequestException` when the ISO-2 code cannot be mapped.

prevents avoidable fatal errors
keeps behavior consistent with the module's own validation/error model
improves resilience for invalid or unsupported inputs

3. Harden admin request parameter handling

In `Controller/Adminhtml/Address/Api.php`, request parameters were forwarded dynamically into service methods without explicit validation.

missing required parameters
non-scalar parameter values
and returns a handled bad-request response instead of allowing PHP argument/runtime errors to bubble up.

makes admin endpoint behavior more predictable
avoids PHP 8.x argument-related fatals from malformed requests
improves overall robustness without changing normal behavior.

4. Stop forwarding `HTTP_REFERER` to the external Postcode API

In `Service/PostcodeApiClient.php`, the module forwarded the incoming request's `HTTP_REFERER` header as `CURLOPT_REFERER` on outbound calls to `api.postcode.eu`.

avoids leaking storefront/admin URLs to a third-party API
avoids exposing query strings or sensitive admin route details and reduces unnecessary data sharing

Files changed :

Service/PostcodeApiClient.php
Helper/ApiClientHelper.php
Controller/Adminhtml/Address/Api.php

Validated with focus on PHP **8.1 - 8.5** compatibility by:
linting PHP files
reviewing affected runtime paths
checking the updated code paths for PHP 8.1+ behavior

and for:

stricter type handling
argument validation/runtime errors
exception flow regressions
deprecated/unsafe request handling patterns