python · crawl4ai · Critical
crawl4ai Docker API Remote Code Execution via extra_args Injection
What changed
The Docker API server accepted request-supplied `browser_config.extra_args`, allowing injection of Chromium switches that replace child-process launch commands, leading to unauthenticated remote code execution. The fix in 0.9.0 rejects requests that set `extra_args` with HTTP 400.
Who it affects
All users of the crawl4ai Docker API (unauthenticated endpoints `/crawl`, `/crawl/stream`, `/crawl/job`) who have not upgraded to 0.9.0 or applied the workarounds below.
What to do today
Upgrade to version 0.9.0 immediately. If upgrade is not possible, enable authentication via `CRAWL4AI_API_TOKEN` and restrict network access to the API.
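A request gate that applies both mitigations named above, rejecting any request that sets `browser_config.extra_args` with HTTP 400 (the behaviour the 0.9.0 fix introduces) and requiring a bearer token whenever `CRAWL4AI_API_TOKEN` is configured. This is an added example, not crawl4ai's own code; the function name, the `Bearer` header format, the sample request bodies and the `headless` field are assumptions.

```python
import hmac
import json
import os
from typing import Optional, Tuple

# Endpoints the advisory names as reachable without authentication before 0.9.0.
CRAWL_ENDPOINTS = {"/crawl", "/crawl/stream", "/crawl/job"}


def gate_request(path: str, headers: dict, body: bytes,
                 env: Optional[dict] = None) -> Tuple[int, str]:
    """Return (http_status, reason) for an incoming crawl request.

    Hypothetical front gate applying the advisory's two mitigations:
      * if CRAWL4AI_API_TOKEN is configured, require a matching bearer token (401)
      * reject any body whose browser_config sets extra_args (400), as the 0.9.0 fix does
    Presence of the key counts as "set", even for an empty list (conservative reading).
    """
    env = os.environ if env is None else env
    if path not in CRAWL_ENDPOINTS:
        return 404, "unknown endpoint"

    expected = env.get("CRAWL4AI_API_TOKEN")
    if expected:
        supplied = headers.get("Authorization", "")
        # Constant-time comparison so the token check does not leak timing information.
        if not hmac.compare_digest(supplied.encode(), f"Bearer {expected}".encode()):
            return 401, "missing or invalid API token"

    try:
        payload = json.loads(body)
    except ValueError:
        return 400, "body is not valid JSON"
    if not isinstance(payload, dict):
        return 400, "body must be a JSON object"

    browser_config = payload.get("browser_config")
    if isinstance(browser_config, dict) and "extra_args" in browser_config:
        return 400, "browser_config.extra_args is not accepted"
    return 200, "accepted"


if __name__ == "__main__":
    # Constructed sample requests (field names assumed), not captured traffic.
    safe = b'{"urls": ["https://example.com"], "browser_config": {"headless": true}}'
    unsafe = b'{"urls": ["https://example.com"], "browser_config": {"extra_args": ["--placeholder"]}}'
    print(gate_request("/crawl", {}, safe, env={}))    # (200, 'accepted')
    print(gate_request("/crawl", {}, unsafe, env={}))  # (400, 'browser_config.extra_args is not accepted')
```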