Summary
The `is_internal_ip()` function at `crates/openshell-sandbox/src/proxy.rs` (lines 1215–1237) checks `is_loopback()`, `is_private()`, and `is_link_local()` but does not check for the unspecified address `0.0.0.0` (`Ipv4Addr::UNSPECIFIED`) or `::` (`Ipv6Addr::UNSPECIFIED`).
Additionally, `0.0.0.0/0` is accepted as an `allowed_ips` policy entry (lines 1347–1350), which effectively bypasses all IP restrictions except loopback/link-local. Broad CIDRs only trigger a warning log.
Impact
- Severity: Low
- `0.0.0.0` would not typically resolve from DNS, but could appear in crafted requests.
Proposed Fix
- Add `v4.is_unspecified()` and `v6.is_unspecified()` to the `is_internal_ip` check
- Consider rejecting `0.0.0.0/0` and `::/0` as `allowed_ips` entries, or require an explicit opt-in flag
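As an added illustration of both proposed changes (this is example code written for this report, not the `openshell-sandbox` implementation in `proxy.rs`, and the function signatures, the `allow_catch_all` opt-in flag, the "broad" prefix threshold and the `PolicyCheck` enum are assumptions), the block below shows `is_internal_ip` with the `is_unspecified()` checks added, and an `allowed_ips` entry validator that rejects `0.0.0.0/0` and `::/0` unless explicitly opted in. It goes slightly beyond the text by also judging IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`) by their embedded IPv4 address, so the IPv4 rules cannot be sidestepped through the IPv6 path, and it computes the IPv6 unique-local and link-local ranges from the first segment so it does not depend on recently stabilised standard-library helpers.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// True for addresses the sandbox proxy must never connect to: loopback,
/// private, link-local, and the unspecified address (0.0.0.0 / ::), which the
/// original check omitted.
pub fn is_internal_ip(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_internal_v4(v4),
        IpAddr::V6(v6) => {
            // Assumption for this example: an IPv4-mapped address is judged by
            // the embedded IPv4 address (also catches ::ffff:0.0.0.0).
            if let Some(mapped) = v6.to_ipv4_mapped() {
                return is_internal_v4(mapped);
            }
            v6.is_loopback()
                || v6.is_unspecified()
                || is_unique_local_v6(v6)
                || is_link_local_v6(v6)
        }
    }
}

fn is_internal_v4(v4: Ipv4Addr) -> bool {
    v4.is_loopback() || v4.is_private() || v4.is_link_local() || v4.is_unspecified()
}

// fc00::/7 (unique local) and fe80::/10 (link-local), derived from the first
// 16-bit segment.
fn is_unique_local_v6(v6: Ipv6Addr) -> bool {
    v6.segments()[0] & 0xfe00 == 0xfc00
}

fn is_link_local_v6(v6: Ipv6Addr) -> bool {
    v6.segments()[0] & 0xffc0 == 0xfe80
}

/// Outcome of validating one `allowed_ips` policy entry (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum PolicyCheck {
    /// Entry is acceptable as written.
    Accept,
    /// Entry spans a large range: allowed, but worth a warning log.
    Broad,
    /// Entry is a catch-all (0.0.0.0/0 or ::/0) and is rejected without opt-in.
    CatchAll,
    /// Entry could not be parsed as an address or CIDR.
    Invalid,
}

/// Parses "addr" or "addr/prefix" and classifies it. `allow_catch_all` is the
/// explicit opt-in flag proposed above; without it a /0 entry is rejected.
pub fn check_allowed_ip_entry(entry: &str, allow_catch_all: bool) -> PolicyCheck {
    let (addr, prefix) = match entry.split_once('/') {
        Some((a, p)) => (a, p),
        None => (entry, ""),
    };
    let ip: IpAddr = match addr.parse() {
        Ok(ip) => ip,
        Err(_) => return PolicyCheck::Invalid,
    };
    let max_bits: u32 = if ip.is_ipv4() { 32 } else { 128 };
    let prefix_len: u32 = if prefix.is_empty() {
        max_bits // a bare address is a single-host entry
    } else {
        match prefix.parse::<u32>() {
            Ok(p) if p <= max_bits => p,
            _ => return PolicyCheck::Invalid,
        }
    };
    // A /0 prefix matches every address regardless of the address part.
    if prefix_len == 0 {
        return if allow_catch_all { PolicyCheck::Broad } else { PolicyCheck::CatchAll };
    }
    // Assumed "broad" threshold: wider than /8 for IPv4 or /32 for IPv6.
    let broad_threshold: u32 = if ip.is_ipv4() { 8 } else { 32 };
    if prefix_len < broad_threshold {
        PolicyCheck::Broad
    } else {
        PolicyCheck::Accept
    }
}

fn main() {
    // Constructed sample inputs for a stand-alone run.
    for s in ["0.0.0.0", "::", "::ffff:10.0.0.1", "93.184.216.34"] {
        let ip: IpAddr = s.parse().unwrap();
        println!("{s:<18} internal = {}", is_internal_ip(ip));
    }
    for e in ["0.0.0.0/0", "::/0", "10.0.0.0/7", "203.0.113.0/24"] {
        println!("{e:<18} policy = {:?}", check_allowed_ip_entry(e, false));
    }
}
```

The two changes are independent: the unspecified-address check closes the gap in the destination filter regardless of policy, while the entry validator keeps a catch-all from being accepted by accident, which a warning log alone does not achieve.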