security: fix #1 — wire SSRF hook into BooruClient shared client

Adds validate_public_request to the BooruClient event_hooks list so
every request (and every redirect hop) is checked against the block
list from _safety.py. Danbooru, Gelbooru, and Moebooru subclasses
all go through BooruClient.client and inherit the protection.

Preserves the existing _log_request hook by listing both hooks in
order: validate first (so blocked hops never reach the log), then
log.

Audit-Ref: SECURITY_AUDIT.md finding #1
Severity: High

booru_viewer/core/api/base.py

@@ -12,6 +12,7 @@ import httpx
 
 from ..config import USER_AGENT, DEFAULT_PAGE_SIZE
 from ..cache import log_connection
+from ._safety import validate_public_request
 
 log = logging.getLogger("booru")
 
@@ -106,7 +107,12 @@ class BooruClient(ABC):
                     headers={"User-Agent": USER_AGENT},
                     follow_redirects=True,
                     timeout=20.0,
-                    event_hooks={"request": [self._log_request]},
+                    event_hooks={
+                        "request": [
+                            validate_public_request,
+                            self._log_request,
+                        ],
+                    },
                     limits=httpx.Limits(max_connections=10, max_keepalive_connections=5),
                 )
                 BooruClient._shared_client = c