Labels: enhancement (New feature or request)
Description
The current send_callback implementations in backend/app/utils.py and backend/app/api/routes/threads.py are vulnerable to SSRF attacks and lack consistent safety checks.
Research and update send_callback to follow best practices for secure outbound callbacks:

- Add URL validation to prevent SSRF (localhost, private IPs, metadata endpoints).
- Enforce HTTPS-only URLs.
- Disable redirects, or revalidate on each redirect.
- Apply consistent short timeouts and response size limits.
Goal:
Ensure send_callback is secure, robust, and aligned with industry best practices for sending HTTP callbacks safely.
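A hardened send_callback covering the four points in the issue, as an added example for this page. It is not the project's code from backend/app/utils.py or backend/app/api/routes/threads.py; it assumes the callback is a JSON POST, uses only the standard library, and takes an injectable resolver so the URL checks can be exercised offline against a constructed FAKE_DNS table (the table, resolve_all, callback_url_problem and CallbackUrlError are all names introduced here).

```python
"""Outbound callback hardened against SSRF: HTTPS only, address checks on
every hostname answer, manual redirect handling with revalidation, a short
timeout and a response size cap. Added example, not the project's code."""
import http.client
import ipaddress
import json
import socket
import ssl
from urllib.parse import urljoin, urlsplit, urlunsplit

CONNECT_TIMEOUT = 5.0            # seconds; applies to connect and each read
MAX_RESPONSE_BYTES = 64 * 1024   # never buffer more than this from a callback
MAX_REDIRECTS = 3
# Names that are unsafe without needing DNS (cloud metadata aliases, loopback).
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


class CallbackUrlError(ValueError):
    """Raised when a callback URL or response fails the safety checks."""


def resolve_all(host):
    """Return every A/AAAA answer for host (real DNS; assumed helper)."""
    return [ipaddress.ip_address(info[4][0])
            for info in socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)]


def _is_blocked_ip(ip):
    # Judge ::ffff:127.0.0.1 as 127.0.0.1, not as an opaque IPv6 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Refuse anything that is not globally routable unicast: loopback, RFC 1918,
    # link-local (169.254.169.254), CGNAT, documentation ranges, multicast.
    return (not ip.is_global) or ip.is_multicast


def callback_url_problem(url, resolver=resolve_all):
    """Return None if url is acceptable, otherwise a short reason string."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return "missing host"
    try:
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "invalid port"
    if host.lower().rstrip(".") in BLOCKED_HOSTNAMES:
        return "blocked hostname"
    try:
        addrs = [ipaddress.ip_address(host)]        # IP literal in the URL
    except ValueError:
        try:
            addrs = resolver(host)                  # hostname: check every answer
        except OSError:                             # socket.gaierror is an OSError
            return "hostname does not resolve"
    if not addrs:
        return "hostname does not resolve"
    for ip in addrs:                                # one bad record rejects the URL
        if _is_blocked_ip(ip):
            return f"resolves to non-public address {ip}"
    return None


def send_callback(url, payload, resolver=resolve_all):
    """POST payload as JSON to url; each redirect hop is revalidated."""
    body = json.dumps(payload).encode()
    ctx = ssl.create_default_context()
    for _hop in range(MAX_REDIRECTS + 1):
        problem = callback_url_problem(url, resolver)
        if problem:
            raise CallbackUrlError(f"{url}: {problem}")
        parts = urlsplit(url)
        conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                           timeout=CONNECT_TIMEOUT, context=ctx)
        try:
            target = urlunsplit(("", "", parts.path or "/", parts.query, ""))
            conn.request("POST", target, body=body,
                         headers={"Content-Type": "application/json"})
            resp = conn.getresponse()
            location = resp.getheader("Location")
            if 300 <= resp.status < 400 and location:
                url = urljoin(url, location)        # re-enters the checks above
                continue
            data = resp.read(MAX_RESPONSE_BYTES + 1)
            if len(data) > MAX_RESPONSE_BYTES:
                raise CallbackUrlError("response exceeds size limit")
            return resp.status, data
        finally:
            conn.close()
    raise CallbackUrlError("too many redirects")


# Constructed DNS table so the checks run offline (not real records).
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "internal.example.com": ["10.0.0.5"],
    "mixed.example.com": ["93.184.216.34", "192.168.1.1"],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host}")
    return [ipaddress.ip_address(a) for a in FAKE_DNS[host]]


if __name__ == "__main__":
    for u in ("https://hooks.example.com/cb", "http://hooks.example.com/cb",
              "https://169.254.169.254/latest/meta-data/",
              "https://mixed.example.com/cb"):
        print(u, "->", callback_url_problem(u, fake_resolver) or "ok")
```

Two caveats a reviewer would raise on this shape of fix: http.client resolves the hostname a second time when it connects, so a DNS answer that changes between the check and the connect (DNS rebinding) is not caught; connecting to the vetted IP while pinning the Host header and SNI to the original hostname closes that gap. And a callback target that is public but slow can still hold a worker for CONNECT_TIMEOUT per read, so the size cap and timeout belong together with a bound on total request time.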
Status: Closed