Fix healthcheck pings blocked by SSRF protection (v2.5.66)

[ttlequals0]

Summary

• Since v2.5.64, all healthcheck pings for scheduled scans were failing because validate_safe_url() blocked requests to healthcheck servers that resolve to private IPs
• Added TRUSTED_INTERNAL_HOSTS environment variable that lets admins allowlist hostnames and/or CIDR ranges to bypass SSRF private-IP blocking
• SSRF protection remains fully active for all non-trusted hosts

Changes

• pixelprobe/utils/security.py -- Added _load_trusted_hosts(), _reset_trusted_hosts(), _is_trusted() helpers; updated validate_safe_url() to check allowlist before blocking
• config.py -- Added TRUSTED_INTERNAL_HOSTS config variable
• docker-compose.yml -- Added env var to both pixelprobe and celery-worker services
• docs/CONFIGURATION.md -- Added "SSRF Trusted Hosts" documentation section
• version.py -- Bumped to 2.5.66
• tests/test_security_fixes.py -- Added 8 new tests for trusted hosts allowlist

Test plan

• All 239 existing tests pass (8 skipped, pre-existing)
• 8 new tests cover: hostname bypass, CIDR bypass, bare IP bypass, non-trusted still blocked, empty/unset preserves blocking, case-insensitive matching, multiple entries, IP outside CIDR still blocked
• Docker image built and pushed as 2.5.66 + latest
• After deploy: set TRUSTED_INTERNAL_HOSTS in container env and verify healthcheck pings succeed in Grafana logs