Restrict ValidateRepo API to allowed git providers #53

@KerwinTsaiii

Description

Summary

ValidateRepoHandler accepts arbitrary user-supplied URLs and performs remote validation (including dulwich ls_remote) without applying the same provider whitelist checks used by the spawner path.

Why this matters

This broad URL reachability can be abused for SSRF-style probing/internal network access attempts from the hub context.

Current behavior

  • ValidateRepoHandler validates arbitrary URL input.
  • It can attempt outbound requests to non-approved hosts.
  • The spawner path has whitelist checks, but the validation API does not enforce equivalent constraints.

Expected behavior

Repository validation should enforce scheme and hostname restrictions identical to (or stricter than) spawn-time validation.

Proposed fix

  • Require http/https scheme.
  • Enforce host whitelist via gitClone.allowedProviders (same matching rule as spawner).
  • Return clear 4xx responses for disallowed hosts.
  • Add tests for allowed/disallowed host cases.

Acceptance criteria

  • Validation API rejects non-whitelisted providers with 4xx.
  • Allowed providers continue to validate normally.
  • Tests cover whitelist enforcement.
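An added example, not code from the project or from the issue author, of the check the proposed fix describes: the scheme is restricted to http/https, the host is compared against an allowlist, and a 4xx status is produced before any remote call (such as dulwich ls_remote) is attempted. Neither the shape of gitClone.allowedProviders nor the spawner's matching rule appears in the issue, so this assumes the allowlist is a list of hostnames matched exactly or by subdomain suffix; the ALLOWED_PROVIDERS values, the 400-for-bad-scheme / 403-for-bad-host split, and the validate_repo helper are likewise assumptions.

```python
from urllib.parse import urlsplit

# Stand-in for the gitClone.allowedProviders setting named in the issue.
# Assumption: a list of hostnames, matched exactly or as a parent domain.
ALLOWED_PROVIDERS = ["github.com", "gitlab.com"]

ALLOWED_SCHEMES = ("http", "https")


class DisallowedRepoURL(ValueError):
    """Raised for a URL the validation API must refuse; carries the HTTP status."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status
        self.reason = reason


def _host_allowed(host, allowed_providers):
    """Exact or subdomain match against the allowlist (assumed matching rule)."""
    host = host.lower().rstrip(".")
    for provider in allowed_providers:
        provider = provider.lower().rstrip(".")
        if host == provider or host.endswith("." + provider):
            return True
    return False


def check_repo_url(url, allowed_providers=ALLOWED_PROVIDERS):
    """Return the validated (scheme, host) pair or raise DisallowedRepoURL.

    Call this before any network activity so the hub never contacts a host
    the spawner would refuse.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        # Covers git://, ssh://, file:// and scp-style "git@host:repo",
        # which urlsplit reports with an empty scheme.
        raise DisallowedRepoURL(
            400, f"scheme {parts.scheme or '<none>'!r} is not allowed"
        )
    host = parts.hostname  # already lowercased, userinfo and port stripped
    if not host:
        raise DisallowedRepoURL(400, "URL has no host")
    # urlsplit keeps userinfo separate, so "http://github.com@10.0.0.1/"
    # yields hostname 10.0.0.1; the allowlist check sees the real target.
    if not _host_allowed(host, allowed_providers):
        raise DisallowedRepoURL(403, f"host {host!r} is not an allowed git provider")
    return parts.scheme, host


def validate_repo(url, allowed_providers=ALLOWED_PROVIDERS):
    """Hypothetical handler stand-in: map a URL to (status, body).

    200 means "allowed, go on to the remote check"; the remote check itself
    is not performed here.
    """
    try:
        scheme, host = check_repo_url(url, allowed_providers)
    except DisallowedRepoURL as exc:
        return exc.status, {"ok": False, "error": exc.reason}
    return 200, {"ok": True, "scheme": scheme, "host": host}


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real request.
    for sample in [
        "https://github.com/org/repo.git",
        "https://gist.github.com/user/abc",
        "http://127.0.0.1:8081/hub/api",
        "http://github.com@10.0.0.1/repo",
        "file:///etc/passwd",
        "git@github.com:org/repo.git",
        "https://github.com.evil.example/repo",
    ]:
        print(sample, "->", validate_repo(sample))
```

The ordering matters: the scheme and host checks run on the parsed URL before anything touches the network, so an internal address, a loopback port, or a non-HTTP scheme is refused without the hub issuing a request. If the spawner's real rule is exact-host only, drop the endswith branch in _host_allowed so the two paths stay identical.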
