
Support IPv6

The classic `127.0.0.1` is a typical SSRF payload, but the Internet supports IPv6 as well, so your SSRF protection must cover IPv6 addresses too. Did you know that loopback is also reachable over IPv6, as `::1` or as an IPv4-mapped address carrying the `::ffff:` prefix? You should treat these addresses as reserved as well.

If a URL uses an IPv4-mapped IPv6 address whose embedded IPv4 address turns out to be reserved, you should reject the request. This is because the URL is not a valid IPv6 address.

Test for IPv6 reserved addresses

Consider the following test case for IPv6 reserved addresses:

```js
const assert = require('node:assert');
// urlSheriff: an instance of the library's URL checker, constructed elsewhere.

await assert.rejects(
  urlSheriff.isSafeURL('https://::ffff:192.0.2.128:3000'),
  {
    name: 'Error',
    message: 'URL uses a private hostname'
  }
)
```