feat(security): implement robust IP validation and safeFetch foundation (#21401)

eslint.config.js

@@ -35,6 +35,11 @@ const commonRestrictedSyntaxRules = [
     message:
       'Do not throw string literals or non-Error objects. Throw new Error("...") instead.',
   },
+  {
+    selector: 'CallExpression[callee.name="fetch"]',
+    message:
+      'Use safeFetch() from "@/utils/fetch" instead of the global fetch() to ensure SSRF protection. If you are implementing a custom security layer, use an eslint-disable comment and explain why.',
+  },
 ];
 
 export default tseslint.config(