GHSA-9x67-f2v7-63rw: AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
high
vulnerability
security
Summary
AVideo's LiveLinks proxy endpoint validates URLs to block requests to internal networks, but only checks the initial URL. When a URL redirects (sends back a `Location` header pointing elsewhere), the code follows the redirect without re-validating the new target, letting attackers reach internal services like cloud metadata or private networks. The endpoint is also completely unauthenticated, so anyone can access it.
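The difference between checking only the initial URL and checking every redirect hop, as an added example (not AVideo's code). The function names, the `DNS` and `RESPONSES` tables and the hostnames are constructed stand-ins so the sketch runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
# Constructed stand-ins for DNS and HTTP so the example runs offline.
DNS = {"stream.example": "93.184.216.34", "redirector.example": "93.184.216.34"}
RESPONSES = {
    "http://stream.example/live.m3u8": (200, None),
    "http://redirector.example/a": (302, "http://169.254.169.254/latest/meta-data/"),
    "http://redirector.example/b": (302, "/c"),
    "http://redirector.example/c": (302, "http://stream.example/live.m3u8"),
}

def is_allowed(url):
    """True only for http(s) URLs whose host resolves to a public address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    addr = DNS.get(parts.hostname, parts.hostname)  # IP literals pass through
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False  # name did not resolve

def fetch_initial_check_only(url):
    """Flawed pattern from the summary: validate once, then follow blindly."""
    if not is_allowed(url):
        raise ValueError(f"blocked target: {url}")
    while RESPONSES.get(url, (200, None))[0] in REDIRECTS:
        url = urljoin(url, RESPONSES[url][1])
    return url  # final URL the proxy would have fetched

def fetch_checked(url, max_hops=5):
    """Follow redirects manually and re-validate each hop before requesting it."""
    for _ in range(max_hops + 1):
        if not is_allowed(url):
            raise ValueError(f"blocked target: {url}")
        # Real code: one request with automatic redirects disabled, connecting
        # to the address that was validated (avoids a second DNS lookup).
        status, location = RESPONSES[url]
        if status not in REDIRECTS:
            return url
        url = urljoin(url, location)  # resolves relative Location values
    raise ValueError("too many redirects")
```
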
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
March 17, 2026
Classification
Attack Sophistication: Moderate
Affected Packages
wwbn/avideo@<= 25.0
Original source: https://github.com/advisories/GHSA-9x67-f2v7-63rw
First tracked: March 17, 2026 at 04:55 PM
Classified by LLM (prompt v3) · confidence: 95%