fix: codeql columns thing

Author: dartpain

application/storage/db/repositories/user_tools.py

@@ -182,6 +182,8 @@ def update(self, tool_id: str, user_id: str, fields: dict) -> bool:
         set_clauses: list[str] = []
         params: dict = {"id": tool_id, "user_id": user_id}
         for col, val in filtered.items():
+            if col not in _ALLOWED_COLUMNS:
+                raise ValueError(f"disallowed column: {col!r}")
             if col in _JSONB_COLUMNS:
                 set_clauses.append(f"{col} = CAST(:{col} AS jsonb)")
                 params[col] = _encode_jsonb(val)