WS-02: bind daemon downloads to validated IPs #23

Merged: glittercowboy merged 1 commit into main from security-trust-boundaries on Apr 14, 2026

@glittercowboy glittercowboy commented Apr 14, 2026

TL;DR

This closes the daemon-side DNS rebinding SSRF gap from WS-02.

Download validation now resolves and approves addresses once, then the actual HTTP client dials only those validated IPs with proxies disabled and redirects still disabled.

Why it matters

A preflight DNS check can be bypassed if the hostname rebinds before the real fetch. Binding the actual socket dial to the validated IP closes that gap for user-supplied image URLs.

How it works now

  • Parse HTTPS download URLs into a validated download target
  • Reject blocked IP literals and blocked resolved addresses
  • Carry the validated IP:port set into a custom DialContext for the actual request
  • Disable proxy use and keep redirects disabled
  • Assert in tests that the dialer uses the validated IP instead of the hostname

Verification

  • go test ./internal/claude/...
  • go test ./...

Post-merge verification

  • PR merged via commit 3a801c6f92dd1ef20b0794c11780c70752fc1f9e
  • Release tag pushed: daemon/v0.2.15
  • release-daemon.yml succeeded on daemon/v0.2.15: run 24399686676
  • GitHub release published successfully: https://github.com/gsd-build/daemon/releases/tag/daemon/v0.2.15
  • Release artifacts are present for darwin/linux amd64 and arm64 plus checksums/signature

Observability gate

  • health.check_all was rerun after the release, but it did not produce a passing health result because the MCP is misconfigured in this environment
  • Returned placeholder/config errors for every integration, including unresolved VERCEL_TOKEN, FLY_API_TOKEN, SUPABASE_ACCESS_TOKEN, SENTRY_AUTH_TOKEN, STRIPE_*, and RESEND_API_KEY
  • Direct GitHub release and workflow signals were used instead of MCP health data

@glittercowboy glittercowboy merged commit 3a801c6 into main Apr 14, 2026
1 check passed
@glittercowboy glittercowboy deleted the security-trust-boundaries branch April 14, 2026 12:45
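
The flow the PR description lists (resolve and approve once, then dial only the validated IP:port set with proxies and redirects off), as an added Go example. It is not the code merged in this PR: `pinnedClient`, the injectable `lookup` and `dial` parameters, the blocklist and the sample hostnames are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
)

// pinnedClient resolves the host once, rejects blocked addresses, and dials only approved IP:port pairs.
func pinnedClient(raw string, lookup func(string) ([]netip.Addr, error), dial func(context.Context, string, string) (net.Conn, error)) (*http.Client, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return nil, fmt.Errorf("download URL must be absolute https")
	}
	addrs, err := lookup(u.Hostname()) // lookup must return an IP literal as itself
	if err != nil || len(addrs) == 0 {
		return nil, fmt.Errorf("cannot resolve %q: %v", u.Hostname(), err)
	}
	port := u.Port()
	if port == "" {
		port = "443"
	}
	var approved []string
	for _, ip := range addrs { // assumed minimal blocklist; Unmap catches ::ffff:10.0.0.1
		if ip = ip.Unmap(); ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() || ip.IsMulticast() {
			return nil, fmt.Errorf("%q resolves to blocked address %s", u.Hostname(), ip)
		}
		approved = append(approved, net.JoinHostPort(ip.String(), port))
	}
	pinned := func(ctx context.Context, network, _ string) (c net.Conn, err error) {
		for _, a := range approved { // the hostname the transport passes in is never dialed
			if c, err = dial(ctx, network, a); err == nil {
				return c, nil
			}
		}
		return nil, fmt.Errorf("no validated address reachable: %v", err)
	}
	return &http.Client{
		Transport:     &http.Transport{Proxy: nil, DialContext: pinned},
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}, nil
}

func main() { // constructed input: the lookup returns loopback, so validation must fail
	lo := func(string) ([]netip.Addr, error) { return []netip.Addr{netip.MustParseAddr("127.0.0.1")}, nil }
	fmt.Println(pinnedClient("https://rebind.example/a.png", lo, (&net.Dialer{}).DialContext))
}
```

Because the request URL keeps its hostname, TLS SNI and certificate verification still run against that hostname while the socket goes to the pinned address.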