fix(web): strengthen URL validation and redirect handling in OG scraper

[RinZ27]

Strengthened the isPrivateHost check to include the AWS/GCP/Azure metadata IP (169.254.169.254) and other loopback/unspecified addresses (0.0.0.0, ::). This ensures that the OG scraper cannot be used to probe sensitive cloud metadata or internal services.

Switched the fetch call to redirect: 'manual' to prevent automated redirect bypasses. The implementation now manually validates the redirect location against the private host blocklist before following it, providing a more robust defense against SSRF attempts.

Added a Content-Type check to ensure the scraper only processes text/html. This prevents the server from attempting to download and process large binary files, reducing potential resource exhaustion during scraping operations.

Refactored the HTML metadata extraction into a reusable processHtml helper to maintain clean logic across the new redirect handling flow. All existing functionality for Open Graph and Twitter tags remains intact.