[fix] Missing session validation in file download routes causes 500 Internal Error

[krrishrastogi05]

Summary

• What changed: Inserted minimal validation checks into /downloadFile, /downloadCSVFile, and /downloadResultsFile in DataFileRoute.py. Added explicit catch blocks for TypeError. (Note: downloadDataFile was left untouched to preserve existing commented code/structure).
• Why: To prevent unhandled TypeError exceptions from crashing the server. Previously, if session.get('osycase') was None, passing it to pathlib.Path bypassed the IOError catch block, resulting in a 500 Internal Server Error.

Related issues

• Issue exists and is linked
• Closes [Bug] Missing session validation in file download routes causes 500 Internal Server Error #240

Validation

• Tests added/updated (or not applicable)
• Validation steps documented
  • Steps Taken:
    1. Sent a GET request to /downloadFile without an active session -> Verified it returns a safe 400 error.
    2. Sent GET requests missing URL parameters -> Verified they return 400 errors.

Documentation

• Docs updated in this PR (or not applicable)
• Any setup/workflow changes reflected in repo docs

Scope check

• No unrelated refactors
• Implemented from a feature branch
• Change is deliverable without upstream OSeMOSYS/MUIO dependency
• Base repo/branch is EAPD-DRB/MUIOGO:main (not upstream)

[SeaCelo]

@krrishrastogi05 Thanks for the work here. I’m closing this in favor of #416, which we’re keeping as the current implementation PR for the missing-session download crash tracked under #240.