Implement outbound HTTP connection blocking

[marksmith]

This change implement the outbound connection blocking feature.

The simpleidn gem has been added as an aikido-zen dependency, in order to convert Punycode-encoded domains to Unicode and correctly retrieve the domain settings for domains that contain Unicode characters provided by Aikido Core.

The change begins with a switch from thread-local to fiber-local storage to store the current context. Fiber is patched to add the aikido_current_context instance variable and accessors. Fiber.new is patched so that aikido_current_context is automatically copied from the current Fiber into the new Fiber. This is necessary so that libraries that create Fibers that may execute on another thread can access the current context. The current context is necessary for checking whether the client IP is in the bypassed IPs set, to bypass connection blocking; but is also necessary to protect from SSRF attacks.

This change therefore aims to address an issue in async-http where the current context is not available because the Async::Task was scheduled/executed by on a thread where the current context has not been set in thread-local storage.

Summary by Aikido

Security Issues: 0	🔍 Quality Issues: 1	Resolved Issues: 0

🚀 New Features

• Implemented outbound HTTP connection blocking across multiple HTTP client sinks.

⚡ Enhancements

• Added runtime settings for domains and block_new_outbound behavior.
• Updated CI workflows and QA action versions; fixed macOS FFI setup.

🔧 Refactors

• Removed OutboundConnectionMonitor usage and centralized blocking logic in sinks.

^{More info}

[codecov]

Codecov Report

❌ Patch coverage is 98.48485% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
lib/aikido/zen/runtime_settings/domain_settings.rb	84.61%	0 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!