feat(#123): add IP-level SSRF defense to Gitea client and action

## Changes

### Go: IP-level SSRF protection in gitea.Client (primary defense)
- Add gitea/ipcheck.go with IsBlockedIP() covering all blocked CIDR ranges:
  loopback (127.0.0.0/8, ::1), RFC1918 (10/8, 172.16/12, 192.168/16),
  link-local (169.254/16, fe80::/10), ULA (fc00::/7), CGN (100.64/10),
  multicast, reserved, and unspecified ranges.
- IPv6-mapped IPv4 addresses (::ffff:x.x.x.x) are normalized before checking.
- Add safeDialContext to gitea.Client: resolves DNS, rejects any IP in a
  blocked CIDR, then dials the resolved IP directly to narrow the DNS rebinding
  window. NewClient now uses this safe transport by default.
- Add WithUnsafeDialer() for test code using httptest.Server (127.0.0.1).
- Update NewTestClient helper in export_test.go for all gitea unit tests.
- Update SetHTTPClient(nil) to restore the safe transport (not the plain one).

### Go: validate-url subcommand (defense-in-depth for future bash callers)
- Add 'review-bot validate-url <url>' subcommand: validates https scheme,
  no user-info, resolves hostname, rejects any blocked IP.
- Exit 0=safe, 1=blocked, 2=validation error/dns failure.
- Add outWriter/errWriter vars to main.go for testable output capture.

### action.yml: Python3 IP check in 'Determine version' step
- After the https scheme validation, resolve SERVER_URL hostname with
  socket.getaddrinfo and reject any result where
  ipaddress.ip_address(ip).is_private/is_loopback/is_link_local/etc. is true.
- python3 is required on ubuntu-* runners (noted in existing comments).
- Covers the version-check curl that sends ACTION_TOKEN to SERVER_URL.
- SERVER_URL for install-step curls is covered by the same pre-check.

### Tests
- gitea/ipcheck_test.go: 30+ cases covering all blocked families + public IPs
- gitea/client_test.go: safe transport presence, WithUnsafeDialer, SSRF blocking
- cmd/review-bot/validateurl_test.go: scheme validation, user-info, exit codes

Closes #123

.gitea/actions/review/action.yml

@@ -9,7 +9,13 @@
 #   token exfiltration. API calls use github.api_url; downloads use
 #   github.server_url. Tokens are never sent to user-supplied URLs.
 # - On Gitea (VCS_TYPE=gitea), inputs.vcs-url is validated (https scheme,
-#   no whitespace/newlines) before use.
+#   no whitespace/newlines, and DNS resolution to a public IP) before use.
+#   Python3 resolves the hostname and rejects RFC1918, loopback, link-local,
+#   and other reserved addresses to prevent SSRF attacks.
+#   The installed review-bot binary additionally uses a safe HTTP transport
+#   (DialContext-level IP check) for all Gitea API calls at runtime.
+#   The binary also exposes a `validate-url` subcommand for use in any future
+#   shell steps that need to validate a URL before passing it to curl.
 # - action-repo is validated against owner/repo pattern.
 # - Tokens are passed via masked environment variables, not step outputs.
 #
@@ -185,6 +191,27 @@ runs:
             echo "Error: SERVER_URL '${SERVER_URL}' must be an https:// URL with no whitespace" >&2
             exit 1
           fi
+
+          # Additional IP-level SSRF defense: resolve the hostname and reject
+          # requests to RFC1918, loopback, link-local, and other reserved addresses.
+          # python3 is required on ubuntu-* runners (see requirements comment above).
+          # Use printf to write the script to a temp file so the python lines are valid
+          # YAML (each indented line becomes a printf argument — no unindented code).
+          # SERVER_URL is passed via CHECK_URL env var, never interpolated into python code.
+          printf '%s\n' \
+            'import socket,ipaddress,sys,os' \
+            'from urllib.parse import urlparse' \
+            'u=os.environ["CHECK_URL"]; h=urlparse(u).hostname' \
+            '(print("Error: no hostname",file=sys.stderr) or sys.exit(2)) if not h else None' \
+            'try: rs=socket.getaddrinfo(h,None)' \
+            'except socket.gaierror as e: print(f"DNS error: {e}",file=sys.stderr); sys.exit(1)' \
+            'if not rs: print("Error: no addresses",file=sys.stderr); sys.exit(1)' \
+            '[sys.exit(1) or print(f"blocked: {a}",file=sys.stderr) for _,_,_,_,(a,*_) in rs if (lambda ip:ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_reserved)(ipaddress.ip_address(a))]' \
+            > /tmp/_ssrf_check.py
+          CHECK_URL="${SERVER_URL}" python3 /tmp/_ssrf_check.py || {
+            echo "Error: SERVER_URL '${SERVER_URL}' resolves to a private/reserved IP address" >&2
+            exit 1
+          }
         fi
 
         # Determine auth token for release API requests
@@ -305,6 +332,11 @@ runs:
         ACTION_TOKEN="${ACTION_TOKEN:-}"
         BINARY="review-bot-${OS}-${ARCH}"
 
+        # SECURITY: SERVER_URL was validated (scheme + IP check) in "Determine version".
+        # All curl calls in this step use the same SERVER_URL, so that pre-check covers them.
+        # The installed binary uses safeDialContext for additional defense-in-depth in
+        # the "Run review" step.
+
         if [ "$VCS_TYPE" = "github" ]; then
           # GitHub/GHES: Use REST API for release asset downloads.
           # Web release URLs ({server}/.../releases/download/{tag}/{asset}) redirect