Improve URL validation before yt-dlp ingestion

[iotku]

Currently we have fairly acceptable validation with the whitelist prefixes, but now that we present the user provided URLs we should consider additional validation to avoid XSS problems.

Currently, I'm unaware of any particular issues there, but it would be a good idea to have increased scrutiny.

[iotku]

In particular with c356143 we expose the path for a yt URL directly which I BELIEVE html.EscapeString() converts appropriately for inclusion in <a href="..."> for the mumble chat but it would be likely preferable that we verified further that the URL met all the valid constraints before that point.