fix: validate google fonts host when resolving material symbols font urls

Agent-Logs-Url: https://github.com/MudBlazor/MudBlazor.Icons/sessions/fc7706eb-3126-40d0-a98c-7a41f446deb0

Co-authored-by: danielchalmers <7112040+danielchalmers@users.noreply.github.com>

Author: Copilot

src/GoogleMaterialDesignIconsGenerator/Service/IconHttpClientService.cs

@@ -95,7 +95,18 @@ private static Uri ResolveWoff2Url(string cssContent, string familyName)
             throw new InvalidOperationException($"Failed to resolve .woff2 URL from Google Fonts CSS for '{familyName}'.");
         }
 
-        return new Uri(match.Groups["href"].Value, UriKind.Absolute);
+        if (!Uri.TryCreate(match.Groups["href"].Value, UriKind.Absolute, out var uri))
+        {
+            throw new InvalidOperationException($"Resolved an invalid .woff2 URL from Google Fonts CSS for '{familyName}'.");
+        }
+
+        if (!uri.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase) ||
+            !uri.Host.Equals("fonts.gstatic.com", StringComparison.OrdinalIgnoreCase))
+        {
+            throw new InvalidOperationException($"Resolved an unexpected .woff2 URL host '{uri.Host}' from Google Fonts CSS for '{familyName}'.");
+        }
+
+        return uri;
     }
 
     public void Dispose()