`gollum-lib` allows HTTPS based SSRF via `Gollum::Filter::RemoteCode`

Summary

SSRF is possible via Wiki pages due to a gollum-lib feature.

Details

As documented in lib/gollum-lib/filter/remote_code.rb:

# Remote code - fetch code from url and replace the contents to a
#               code-block that gets run the next parse.
#           Acceptable formats:
#              ```language:local-file.ext```
#              ```language:/abs/other-file.ext```
#              ```language:https://example.com/somefile.txt```

The RemoteCode filter allows a page to pull content from arbitrary HTTPS URLs. No further validation of the URL takes place, so nothing protects against SSRF.
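One mitigation is to validate the URL against a host allowlist and reject private or special-use addresses before the filter fetches anything; the check below is an added example, not gollum-lib's own code, and its function name, allowlist contents and address ranges are assumptions:

```ruby
require 'uri'
require 'ipaddr'

# Hosts a deployment chooses to trust for remote code blocks (assumed values).
REMOTE_CODE_HOST_ALLOWLIST = ['gitlab.com', 'raw.githubusercontent.com'].freeze

# Address ranges a wiki renderer should never be made to contact: loopback,
# RFC 1918, link-local (where cloud metadata services live) and the IPv6
# equivalents.
PRIVATE_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
  192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True if +host+ is a literal IP inside one of PRIVATE_RANGES. IPv4-mapped
# IPv6 literals are normalised with #native so ::ffff:127.0.0.1 is caught too.
def private_address?(host)
  ip = IPAddr.new(host).native
  PRIVATE_RANGES.any? { |range| range.include?(ip) }
rescue ArgumentError # IPAddr::InvalidAddressError: host is a name, not an IP
  false
end

# Returns true only for an https URL without userinfo whose host is on the
# allowlist and is not a private IP literal. The fetcher must still pin the
# address it resolves, since a DNS name can point at an internal address.
def remote_code_url_allowed?(url, allowlist = REMOTE_CODE_HOST_ALLOWLIST)
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTPS)
  host = uri.hostname # strips the brackets from IPv6 literals
  return false if host.nil? || host.empty? || uri.userinfo
  return false if private_address?(host)
  allowlist.include?(host.downcase)
rescue URI::InvalidURIError
  false
end
```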

Steps to reproduce

Create a Wiki page with the following content:

```html:https://gitlab.com/```

and make sure to pick RDoc from the dropdown.

@phikai @dsatcher can you please schedule this issue?