GHSA-v54h-cp2w-9x4g: Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps | AI Sec Watch