fix: data race in snapshot cache OnStreamResponse/OnStreamDeltaResponse #8276
Description
OnStreamResponse and OnStreamDeltaResponse in internal/xds/cache/snapshotcache.go read from s.streamIDNodeInfo without holding the mutex lock.
The comment says "No mutex lock required here because no writing to the cache" — but this is incorrect. Other callbacks (OnStreamOpen, OnStreamClosed, OnStreamRequest, OnDeltaStreamOpen, OnDeltaStreamClosed) all write to this same map while holding s.mu. In Go, concurrent map read and write is a data race that causes fatal error: concurrent map read and map write.
Affected code:
OnStreamResponse(line ~277): readss.streamIDNodeInfo[streamID]without lockOnStreamDeltaResponse(line ~396): same pattern
Impact: Under concurrent xDS traffic (multiple Envoy proxies connecting/disconnecting), this can crash the control plane with a runtime panic.
Fix: Acquire s.mu.RLock() before reading the map in both functions.