fix(sec): embed-block の src 属性検証を強化

- embed-block において、`src` 属性が `https://` で始まるかを大文字・小文字を区別せずチェックするように

Author: r74tech

packages/render/src/elements/embed-block.ts

@@ -76,7 +76,8 @@ const purify = DOMPurify(window);
 // Add hook to validate src attribute (only allow https://)
 purify.addHook("uponSanitizeAttribute", (_node, data) => {
   if (data.attrName === "src" && data.attrValue) {
-    if (!data.attrValue.startsWith("https://")) {
+    // Case-insensitive check for https:// scheme
+    if (!data.attrValue.toLowerCase().startsWith("https://")) {
       data.attrValue = "";
       data.forceKeepAttr = false;
     }