fix(browser): add SSRF policy and navigation guards

[badgerbees]

Summary

This PR hardens the GoClaw browser tool with an explicit SSRF policy so browser-driven navigation is safe by default and still usable for local development when intentionally configured. It adds a shared navigation guard for open and navigate, re-checks the final page URL after navigation settles, and applies the same validation after interaction-driven navigation so redirects cannot bypass the policy.

By default, localhost, private IPs, and internal hostnames are blocked. If a deployment genuinely needs local or internal browser targets, it can opt in through the new browser SSRF policy config with explicit host allowlists or private-network access. The patch also wires the policy through startup, documents the new browser behavior in the tool surface, and adds focused regression tests for allowed and blocked navigation targets.

Type

• Feature
• Bug fix
• Hotfix (targeting main)
• Refactor
• Docs
• CI/CD

Target Branch

dev

Checklist

• go build ./... passes
• go build -tags sqliteonly ./... passes (if Go changes)
• go vet ./... passes
• Tests pass: go test -race ./...
• Web UI builds: cd ui/web && pnpm build (if UI changes)
• No hardcoded secrets or credentials
• SQL queries use parameterized $1, $2 (no string concat)
• New user-facing strings added to all 3 locales (en/vi/zh)
• Migration version bumped in internal/upgrade/version.go (if new migration)

Test Plan

• go test ./pkg/browser
• go test ./cmd