Extension framework P2 security utilities (P2-3..P2-4)

Parent: #6853
Related: #6856

## Objective
Implement reusable security utility APIs for extension authors.

## Proposal IDs covered
- P2-3 Security validation package
- P2-4 SSRF protection helpers

## In scope
- Security validation helper interfaces and threat assumptions.
- SSRF safety helpers with secure defaults.
- Positive/negative tests and guidance for safe adoption.

## Out of scope
- General output/logging APIs (#6946).
- Runtime process/shell/file utilities (#6948).

## Deliverables
- [ ] Validation helper API + implementation.
- [ ] SSRF protection helper API + implementation.
- [ ] Test coverage for normal + adversarial paths.
- [ ] Security guidance for extension consumers.

## Verification checklist
- [ ] Safe defaults documented and enabled by default.
- [ ] DNS/IP and URL policy behavior is deterministic and test-backed.
- [ ] `mage preflight` passes.

## Definition of done
- [ ] P2-3 and P2-4 are complete, tested, and documented.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Extension framework P2 security utilities (P2-3..P2-4) #6947

Objective

Proposal IDs covered

In scope

Out of scope

Deliverables

Verification checklist

Definition of done

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Extension framework P2 security utilities (P2-3..P2-4) #6947

Description

Objective

Proposal IDs covered

In scope

Out of scope

Deliverables

Verification checklist

Definition of done

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions