refactor: improve remote image resource handling #914

Open
psxjoy wants to merge 2 commits into apache:main from psxjoy:chore_psx_20260511
psxjoy (Member) commented May 11, 2026

Purpose of the pull request

What's changed?

Checklist

  • I have read the Contributor Guide.
  • I have written the necessary doc or comment.
  • I have added the necessary unit tests and all cases have passed.

@psxjoy psxjoy requested a review from Copilot May 11, 2026 15:20
Copilot AI (Contributor) left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Introduces a configurable security policy for fetching remote images from URL cells, adding SSRF/redirect/size controls and corresponding unit tests.

Changes:

  • Added UrlImageFetchPolicy to define allowed schemes, private-network allowlists (hosts/CIDRs), redirect limits, and maximum image size.
  • Refactored UrlImageConverter to enforce the policy (scheme/host validation, redirect handling, byte limit, and image-type validation).
  • Added CidrBlock utility and a new JUnit test suite covering key policy behaviors.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| fesod-sheet/src/test/java/org/apache/fesod/sheet/converter/UrlImageConverterTest.java | Adds tests for scheme restrictions, private-host/CIDR allowlisting, redirect behavior, content-type rejection, and size limits. |
| fesod-sheet/src/main/java/org/apache/fesod/sheet/converters/url/UrlImageFetchPolicy.java | Adds the policy model + builder with normalization/validation for hosts/schemes and limit settings. |
| fesod-sheet/src/main/java/org/apache/fesod/sheet/converters/url/UrlImageConverter.java | Refactors URL image fetching to enforce policy checks, redirect limits, and maximum read size; validates image type. |
| fesod-sheet/src/main/java/org/apache/fesod/sheet/converters/url/CidrBlock.java | Adds CIDR parsing and matching used for private-network allowlisting. |
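
Added example, not code from this pull request or from Fesod: a minimal per-hop check of the kind the review summary above describes (scheme allowlist, internal-address blocking with a CIDR allowlist, redirect cap). The class, method and constant names and all sample values are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.util.Set;

// Hypothetical illustration; none of these names are Fesod's API.
public class RemoteImageUrlCheck {
    static final Set<String> ALLOWED_SCHEMES = Set.of("https");       // assumed policy value
    static final String[] ALLOWED_PRIVATE_CIDRS = {"10.20.0.0/16"};   // constructed sample
    static final int MAX_REDIRECTS = 3;                               // assumed policy value

    /** True if addr lies inside cidr (IPv4 or IPv6), comparing the prefix bit by bit. */
    static boolean inCidr(InetAddress addr, String cidr) throws Exception {
        String[] parts = cidr.split("/");
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        byte[] ip = addr.getAddress();
        int prefix = Integer.parseInt(parts[1]);
        if (net.length != ip.length || prefix < 0 || prefix > net.length * 8) return false;
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((net[bit / 8] & mask) != (ip[bit / 8] & mask)) return false;
        }
        return true;
    }

    /** JDK built-in classes only; IPv6 unique-local (fc00::/7) would need an explicit CIDR check. */
    static boolean isInternal(InetAddress a) {
        return a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                || a.isAnyLocalAddress() || a.isMulticastAddress();
    }

    /** Validates one hop; call it again for every redirect target before following it. */
    static void check(URI uri, int redirectsFollowed) throws Exception {
        if (redirectsFollowed > MAX_REDIRECTS) throw new SecurityException("too many redirects");
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase()))
            throw new SecurityException("scheme not allowed: " + scheme);
        if (uri.getHost() == null) throw new SecurityException("missing host");
        for (InetAddress a : InetAddress.getAllByName(uri.getHost())) {
            if (!isInternal(a)) continue;
            boolean allowed = false;
            for (String c : ALLOWED_PRIVATE_CIDRS) allowed |= inCidr(a, c);
            if (!allowed) throw new SecurityException("internal address blocked: " + a);
        }
    }

    public static void main(String[] args) {
        // Constructed sample URLs using literal IPs, so no DNS lookup is needed.
        String[] samples = {"https://10.20.5.9/logo.png", "https://127.0.0.1/x.png",
                "https://169.254.1.1/y.png", "http://203.0.113.7/z.png"};
        for (String s : samples) {
            try { check(URI.create(s), 0); System.out.println("ALLOW " + s); }
            catch (Exception e) { System.out.println("BLOCK " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

A check like this resolves the host separately from the HTTP client, so the connection should be made to the address that was validated; otherwise a second DNS answer can differ from the one checked.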

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

@bengbengbalabalabeng (Contributor)

LGTM

@psxjoy psxjoy requested review from GOODBOY008, alaahong and delei May 12, 2026 13:14

3 participants