nocodb: SSRF protection via validateDbConnectionHost helper
What changed
Added a `validateDbConnectionHost` helper that resolves hostnames, parses addresses with ipaddr.js, normalizes IPv4-mapped IPv6, and rejects private, loopback, link-local, unique-local, reserved, unspecified, broadcast, and carrier-grade-NAT ranges. It also special-cases `0.0.0.0`, `::`, and the literal `localhost`. The check runs before the SSL block in the connection-test controller and gates driver invocation, so a rejected host never reaches the database driver.
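The following added example is not NocoDB's implementation; it shows the kind of range check described above using only JavaScript built-ins instead of ipaddr.js. The names `toBigInt`, `classifyAddress` and `validateHost`, the range labels and the CIDR table are assumptions of this example, and the DNS `lookup` function is passed in by the caller.

```javascript
// Added example, not NocoDB's code: the CIDR table and labels are this example's own.
const BLOCKED = [
  ['255.255.255.255/32', 'broadcast'], ['0.0.0.0/8', 'unspecified'],
  ['10.0.0.0/8', 'private'], ['172.16.0.0/12', 'private'], ['192.168.0.0/16', 'private'],
  ['100.64.0.0/10', 'carrier-grade NAT'], ['127.0.0.0/8', 'loopback'],
  ['169.254.0.0/16', 'link-local'], ['240.0.0.0/4', 'reserved'],
  ['::/128', 'unspecified'], ['::1/128', 'loopback'],
  ['fc00::/7', 'unique-local'], ['fe80::/10', 'link-local'],
].map(([cidr, label]) => {
  const [base, len] = cidr.split('/');
  const shift = BigInt(128 - Number(len) - (base.includes(':') ? 0 : 96)); // IPv4 sits in ::ffff:0:0/96
  return { net: toBigInt(base) >> shift, shift, label };
});

// Parse an IP literal to one 128-bit value (IPv4 == IPv4-mapped IPv6); null means "hostname".
function toBigInt(text) {
  if (!/^[0-9a-fx.:]+$/i.test(text)) return null;
  try {
    if (text.includes(':')) { // WHATWG URL canonicalises IPv6: ::ffff:127.0.0.1 -> ::ffff:7f00:1
      const [head, tail = ''] = new URL(`http://[${text}]/`).hostname.slice(1, -1).split('::');
      const a = head ? head.split(':') : [];
      const b = tail ? tail.split(':') : [];
      return [...a, ...Array(8 - a.length - b.length).fill('0'), ...b]
        .reduce((n, g) => (n << 16n) | BigInt(parseInt(g, 16)), 0n);
    }
    const quad = new URL(`http://${text}/`).hostname; // folds 2130706433 and 0x7f.1 to 127.0.0.1
    if (!/^\d+(\.\d+){3}$/.test(quad)) return null;
    return (0xffffn << 32n) | BigInt(quad.split('.').reduce((n, o) => n * 256 + Number(o), 0));
  } catch { return null; }
}

// Returns 'public', a blocked-range label, or null when `text` is a hostname.
function classifyAddress(text) {
  const n = toBigInt(text);
  if (n === null) return null;
  const hit = BLOCKED.find((r) => (n >> r.shift) === r.net);
  return hit ? hit.label : 'public';
}

// `lookup` is injected; in Node pass require('node:dns').promises.lookup.
async function validateHost(host, lookup) {
  const name = host.trim().toLowerCase();
  if (name === 'localhost') throw new Error('localhost is not allowed');
  const addrs = classifyAddress(name) ? [name]
    : (await lookup(name, { all: true })).map((r) => r.address);
  const bad = addrs.find((a) => classifyAddress(a) !== 'public'); // fail if ANY address is internal
  if (bad) throw new Error(`${host} -> ${bad} (${classifyAddress(bad)})`);
  return addrs;
}
```

Because a driver normally resolves the hostname again when it connects, a check of this kind is strongest when the connection is made to the addresses it returned rather than to the original name.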
Who it affects
Authenticated users with connection-test permission who could previously probe internal services (Redis, cloud metadata endpoint, internal databases) reachable from the NocoDB process.
What to do today
Update NocoDB to the latest version that includes this fix to prevent SSRF attacks via the connection-test endpoint.