[Feature] Enforce NullAway null-safety checks across all modules from day one

[limehee]

Problem statement

The project currently relies on runtime null checks and test coverage, but it does not enforce compile-time null-safety across all modules. This leaves room for regressions where newly introduced code paths accept or return unexpected null values.

Proposed solution

Adopt NullAway across the entire multi-module build (jsonrpc-core, jsonrpc-spring-webmvc, jsonrpc-spring-boot-autoconfigure, jsonrpc-spring-boot-starter, and samples where applicable) and fail CI on violations.

Implementation scope:

• Add Error Prone + NullAway wiring in Gradle and apply consistently to all Java compilation tasks.
• Configure annotated packages and nullness defaults to align with existing JSpecify usage.
• Ensure baseline configuration is strict enough for new code while allowing an incremental cleanup path for existing findings.
• Add CI checks so NullAway runs in normal check workflow, not as an optional job.
• Document local setup and troubleshooting in docs.

Alternatives considered

• Keep runtime-only null checks and tests.
  • Rejected because it does not provide compile-time guarantees.
• Enable NullAway only for selected modules.
  • Rejected because cross-module boundaries are exactly where nullability drift often occurs.

JSON-RPC behavior impact

No protocol behavior change. This is a build-time quality and safety improvement only.

Additional context

The goal is conservative-by-default quality gates: new code should not introduce nullable contract ambiguity. Existing behavior should remain backward compatible while null-safety guarantees improve.