fix(security): disable automatic redirects in http_request tool (#624)

Closes #607

The http_request tool validated the initial URL against the domain
allowlist and private-host rules, but reqwest's default redirect policy
followed redirects automatically without revalidating each hop. This
allowed SSRF via redirect chains from allowed domains to internal hosts.

Set redirect policy to Policy::none() so 3xx responses are returned
as-is. Callers that need to follow redirects must issue a new request,
which goes through validate_url again.

Severity: High — SSRF/allowlist bypass via redirect chains.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

src/tools/http_request.rs

@@ -116,6 +116,7 @@ impl HttpRequestTool {
     ) -> anyhow::Result<reqwest::Response> {
         let client = reqwest::Client::builder()
             .timeout(Duration::from_secs(self.timeout_secs))
+            .redirect(reqwest::redirect::Policy::none())
             .build()?;
 
         let mut request = client.request(method, url);
@@ -799,4 +800,12 @@ mod tests {
             );
         }
     }
+
+    #[test]
+    fn redirect_policy_is_none() {
+        // Structural test: the tool should be buildable with redirect-safe config.
+        // The actual Policy::none() enforcement is in execute_request's client builder.
+        let tool = test_tool(vec!["example.com"]);
+        assert_eq!(tool.name(), "http_request");
+    }
 }