fix(core): Use symbol for normalization checks #20486

Open
mydea wants to merge 4 commits into develop from fn/symbol-for-normalize

Conversation

@mydea mydea (Member) commented Apr 24, 2026

This changes how we check for normalization metadata, making it harder to trick. Previously, theoretically some JSON.parsed payload that we normalize could have the fields set we check for normalization logic. With this change, we use a symbol which cannot be generated by JSON, improving on this.
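As an added example (not the project's code), here is a toy normalizer that marks already-normalized objects first with a string-keyed flag and then with a Symbol-keyed one; the marker name `__skip_normalization__` is hypothetical, since the SDK's real field names are not shown on this page. A constructed JSON payload that sets the string field makes the first variant skip normalization, while no JSON input can set the Symbol key.

```typescript
// Hypothetical string marker name (the SDK's actual field name is not on the page).
const STRING_MARKER = '__skip_normalization__';
// A Symbol key cannot be produced by JSON.parse, so input data can never carry it.
const SYMBOL_MARKER = Symbol('skipNormalization');

interface Marker {
  mark(obj: object): void;
  isMarked(obj: object): boolean;
}

// Old approach: a non-enumerable string-keyed flag on the normalized object.
const stringMarker: Marker = {
  mark: obj => Object.defineProperty(obj, STRING_MARKER, { value: true, enumerable: false }),
  isMarked: obj => (obj as Record<string, unknown>)[STRING_MARKER] === true,
};

// New approach: the same flag, keyed by a Symbol instead of a string.
const symbolMarker: Marker = {
  mark: obj => Object.defineProperty(obj, SYMBOL_MARKER, { value: true, enumerable: false }),
  isMarked: obj => (obj as Record<symbol, unknown>)[SYMBOL_MARKER] === true,
};

// Toy normalization: truncate long strings unless the object is marked as already done.
function normalize(value: Record<string, unknown>, marker: Marker, maxLen = 8): Record<string, unknown> {
  if (marker.isMarked(value)) {
    return value; // trusted as already normalized; a forged flag lands here
  }
  const out: Record<string, unknown> = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = typeof v === 'string' && v.length > maxLen ? `${v.slice(0, maxLen)}...` : v;
  }
  marker.mark(out);
  return out;
}

// Constructed untrusted payload that claims to be normalized already.
const PAYLOAD = JSON.stringify({ [STRING_MARKER]: true, message: 'x'.repeat(100) });

// Length of `message` after normalizing the parsed payload with the given marker.
function normalizedMessageLength(marker: Marker): number {
  const parsed = JSON.parse(PAYLOAD) as Record<string, unknown>;
  return String(normalize(parsed, marker).message).length;
}

// A second pass over an already-normalized object is a no-op with either marker.
function isIdempotent(marker: Marker): boolean {
  const once = normalize({ message: 'y'.repeat(20) }, marker);
  return normalize(once, marker) === once;
}
```

JSON.stringify also drops Symbol-keyed properties, so the marker never leaks into a serialized event either.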

@mydea mydea requested review from JPeer264, logaretm and s1gr1d April 24, 2026 08:48
@mydea mydea self-assigned this Apr 24, 2026
Comment thread packages/core/src/utils/object.ts
@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit 57ccee4.

Comment thread packages/core/test/lib/utils/normalize.test.ts
@github-actions github-actions Bot (Contributor) commented Apr 24, 2026

size-limit report 📦

| Path | Size | % Change | Change |
| --- | --- | --- | --- |
| ⛔️ @sentry/browser (max: 26 kB) | 26 kB | +0.16% | +39 B 🔺 |
| @sentry/browser - with treeshaking flags | 24.48 kB | +0.16% | +39 B 🔺 |
| @sentry/browser (incl. Tracing) | 43.93 kB | +0.09% | +39 B 🔺 |
| @sentry/browser (incl. Tracing + Span Streaming) | 45.6 kB | +0.15% | +67 B 🔺 |
| @sentry/browser (incl. Tracing, Profiling) | 48.88 kB | +0.08% | +38 B 🔺 |
| @sentry/browser (incl. Tracing, Replay) | 83.12 kB | +0.04% | +29 B 🔺 |
| @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 72.63 kB | +0.06% | +41 B 🔺 |
| @sentry/browser (incl. Tracing, Replay with Canvas) | 87.79 kB | +0.03% | +24 B 🔺 |
| @sentry/browser (incl. Tracing, Replay, Feedback) | 100.09 kB | +0.06% | +60 B 🔺 |
| @sentry/browser (incl. Feedback) | 42.83 kB | +0.12% | +48 B 🔺 |
| @sentry/browser (incl. sendFeedback) | 30.68 kB | +0.12% | +35 B 🔺 |
| @sentry/browser (incl. FeedbackAsync) | 35.69 kB | +0.14% | +47 B 🔺 |
| @sentry/browser (incl. Metrics) | 27.28 kB | +0.11% | +28 B 🔺 |
| @sentry/browser (incl. Logs) | 27.43 kB | +0.19% | +50 B 🔺 |
| @sentry/browser (incl. Metrics & Logs) | 28.11 kB | +0.14% | +37 B 🔺 |
| @sentry/react | 27.75 kB | +0.12% | +32 B 🔺 |
| @sentry/react (incl. Tracing) | 46.17 kB | +0.08% | +36 B 🔺 |
| @sentry/vue | 30.86 kB | +0.15% | +46 B 🔺 |
| @sentry/vue (incl. Tracing) | 45.76 kB | +0.11% | +48 B 🔺 |
| ⛔️ @sentry/svelte (max: 26 kB) | 26.03 kB | +0.18% | +46 B 🔺 |
| CDN Bundle | 28.69 kB | +0.13% | +37 B 🔺 |
| CDN Bundle (incl. Tracing) | 46.16 kB | +0.09% | +40 B 🔺 |
| CDN Bundle (incl. Logs, Metrics) | 30.07 kB | +0.13% | +39 B 🔺 |
| CDN Bundle (incl. Tracing, Logs, Metrics) | 47.21 kB | +0.09% | +40 B 🔺 |
| CDN Bundle (incl. Replay, Logs, Metrics) | 69.03 kB | +0.06% | +38 B 🔺 |
| CDN Bundle (incl. Tracing, Replay) | 83.21 kB | +0.03% | +24 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Logs, Metrics) | 84.24 kB | +0.04% | +27 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback) | 88.7 kB | +0.04% | +35 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) | 89.79 kB | +0.04% | +32 B 🔺 |
| CDN Bundle - uncompressed | 83.99 kB | +0.09% | +75 B 🔺 |
| CDN Bundle (incl. Tracing) - uncompressed | 137.9 kB | +0.06% | +75 B 🔺 |
| CDN Bundle (incl. Logs, Metrics) - uncompressed | 88.13 kB | +0.09% | +75 B 🔺 |
| CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed | 141.31 kB | +0.06% | +75 B 🔺 |
| CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed | 211.71 kB | +0.04% | +75 B 🔺 |
| CDN Bundle (incl. Tracing, Replay) - uncompressed | 255.34 kB | +0.03% | +75 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed | 258.73 kB | +0.03% | +75 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 268.25 kB | +0.03% | +75 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed | 271.64 kB | +0.03% | +75 B 🔺 |
| @sentry/nextjs (client) | 48.68 kB | +0.06% | +27 B 🔺 |
| @sentry/sveltekit (client) | 44.37 kB | +0.09% | +36 B 🔺 |
| @sentry/node-core | 58.56 kB | +0.08% | +41 B 🔺 |
| @sentry/node | 175.9 kB | +0.04% | +68 B 🔺 |
| @sentry/node - without tracing | 98.35 kB | +0.04% | +38 B 🔺 |
| @sentry/aws-serverless | 115.56 kB | +0.04% | +41 B 🔺 |

@JPeer264 JPeer264 (Member) left a comment

Overall LGTM. Was there a specific issue that this change caused? I see the value of not tricking it by using a symbol, but are there any pros for attackers that could benefit from this flaw?

I just ask since it is increasing the bundle by just a little.
