guard json schema ref retrieval against internal targets

[uwezkhan]

The JSON deserializer resolves a $ref the schema registry doesn't know about by handing the raw URI to httpx.get in _retrieve_via_httpx. The writer schema is selected by the schema id embedded in the consumed message, so a producer can register a schema whose $ref points at http://169.254.169.254/..., loopback, or an RFC1918 host, and the consumer fetches it during deserialization and parses the response as a schema.

Before, any scheme and any address were fetched. After, the helper requires http/https, resolves the host, and refuses private, loopback, link-local, reserved, multicast, or unspecified targets (including IPv4-mapped IPv6); public URLs still resolve as they did. The check lives in the retrieve callback because that is the single point every $ref lookup passes through, so the sync and async paths are both covered without each caller repeating it. Tradeoff: a schema legitimately served from an internal host is now rejected and has to be reachable at a public address or registered as a named reference.

[confluent-cla-assistant]

🎉 All Contributor License Agreements have been signed. Ready to merge.
✅ uwezkhan
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}