GHSA-vvjh-f6p9-5vcf: OpenClaw Canvas Authentication Bypass Vulnerability
Tags: high vulnerability, security
Source: GitHub Advisory Database, March 4, 2026
Summary
OpenClaw's canvas endpoints have an authentication bypass vulnerability: the `authorizeCanvasRequest()` function grants access to any HTTP request from a private IP address if ANY WebSocket client from that same IP is authenticated, without verifying that the request belongs to the same user or session. This is dangerous in shared-IP environments such as corporate NAT, VPNs, or Kubernetes clusters, where an unauthenticated attacker can gain full canvas access simply by sharing an IP with a legitimate authenticated client.
Classification
Attack Sophistication: Moderate
Affected Packages
openclaw < 2026.2.19 (fixed in 2026.2.19)
Original source: https://github.com/advisories/GHSA-vvjh-f6p9-5vcf
First tracked: March 4, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 95%