Fix/tests (#2526)

* Add test reproducing the issue - test mocks https://some.com/image.png returning 302 Location: http://169.254.169.254/latest/meta-data, then expects load_image_from_url() to reject it before fetching the redirected URL. current code follows the redirect and decodes the mocked image bytes (resulting in test failure)

* tests

* test

* fix

* Secure URL image redirects against SSRF

* test

* revert

* Harden image URL loading against SSRF

  Disable automatic redirects for URL image fetches, reject hosts that resolve to
  non-public addresses by default, and add an opt-in env flag for deployments that
  intentionally load images from private networks. Add unit coverage for redirect
  blocking, metadata-address DNS resolution, and the private-network override.

* fix unrelated test

* remove stale test

* keep only tests

* remove

Author: grzegorz-roboflow

tests/inference/unit_tests/core/interfaces/stream/test_workflow_model_handler.py

@@ -32,14 +32,15 @@ def test_workflow_runner_preserves_zero_source_id_as_video_identifier():
         ),
     ]
 
-    WorkflowRunner().run_workflow(
-        video_frames=frames,
+    runner = WorkflowRunner(
         workflows_parameters={},
         execution_engine=engine,
         image_input_name="image",
         video_metadata_input_name="video_metadata",
     )
 
+    runner(frames)
+
     assert [
         metadata.video_identifier
         for metadata in engine.runtime_parameters["video_metadata"]