MEDIUM

GHSA-h6vv-pcq8-7xm4

NocoDB: Server-Side Request Forgery via Base Migration URL

Details

### Summary

The base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (`file:`, `ftp:`, etc.) and probing of internal HTTP destinations.

### Details

The `migrate` endpoint is restricted to the workspace owner role by ACL. The remaining gaps were:

- (a) protocol validation: the controller now parses `body.migrationUrl` as a `URL` and rejects anything whose protocol is not `http:` or `https:`;
- (b) private destination filtering: the worker already runs through `useAgent(targetUrl)` from `request-filtering-agent`, which blocks RFC 1918, loopback, and link-local at the socket layer.

### Impact

With the workspace owner role, a malformed URL could be used to coerce the migration worker into reading local files or talking to non-HTTP services; combined with the HTTP-only filter, owner-supplied targets could not reach private ranges.

### Credit

This issue was reported by Devel Group Security Research Team through [@TREXNEGRO](https://github.com/TREXNEGRO). It was independently reported by [@Lihfdgjr](https://github.com/Lihfdgjr) and [@bugbunny-research](https://github.com/bugbunny-research).


Affected packages

npm / nocodb
Introduced in: 0

No fixed version published yet for nocodb (npm). Pin to a known-safe version or switch to an alternative.

References