python · open-webui · Critical
open-webui terminal-server proxy path traversal and SSRF
What changed
The terminal-server reverse proxy in backend/open_webui/routers/terminals.py does not fully sanitize user-controlled path values, allowing path traversal and SSRF. There are two vectors: the original single-encoded traversal, and a double-encoded bypass of the _sanitize_proxy_path mitigation, where one round of percent-decoding leaves encoded dots that only become ".." after a further decode.
Who it affects
Authenticated users with access to a terminal server can escape the intended path/policy scope, reaching unintended endpoints and files on the terminal-server host, and potentially internal services via SSRF.
What to do today
Apply the fix that decodes the proxy path repeatedly until stable before normalizing and checking, as shown in the advisory.
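As an added illustration of that order of operations (hypothetical code, not open-webui's own _sanitize_proxy_path), the sanitizer below decodes until the path stops changing, then normalizes, then confines the result to an allowed prefix. The MAX_DECODE_ROUNDS bound, the /api/ prefix and the function names are assumptions.

```python
from urllib.parse import unquote
import posixpath

# Assumption: a decoding bound so malformed input cannot keep the loop busy.
MAX_DECODE_ROUNDS = 5


def decode_until_stable(path: str) -> str:
    """Percent-decode until a round changes nothing.

    One unquote() turns '%252e%252e' into '%2e%2e', which a check for '..'
    run after a single decode never sees; only a further round yields '..'.
    """
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    raise ValueError("proxy path did not stabilize while decoding")


def sanitize_proxy_path(user_path: str, allowed_prefix: str = "/api/") -> str:
    """Return a normalized path confined to allowed_prefix, else raise."""
    decoded = decode_until_stable(user_path)
    # Control characters (e.g. a decoded %00) and backslashes never belong here.
    if any(ord(c) < 0x20 for c in decoded) or "\\" in decoded:
        raise ValueError("control character or backslash in proxy path")
    # A scheme or a protocol-relative '//host' would let the proxy be pointed
    # at another origin (the SSRF side of the report).
    if "://" in decoded or decoded.startswith("//"):
        raise ValueError("absolute URL in proxy path")
    # Normalize only after decoding is stable, so every '..' segment is visible.
    normalized = posixpath.normpath("/" + decoded.lstrip("/"))
    if not (normalized + "/").startswith(allowed_prefix):
        raise ValueError("proxy path escapes the allowed prefix")
    return normalized


def is_safe_proxy_path(user_path: str) -> bool:
    """Convenience predicate for callers that only need a verdict."""
    try:
        sanitize_proxy_path(user_path)
    except ValueError:
        return False
    return True
```

A path that normalizes back inside the prefix (for example one containing "/api/../api/") is accepted, since the check is on the normalized result rather than on the presence of ".." in the raw input.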