fix: Add username validation to avatar endpoints

Add Hive account name validation to avatar proxy endpoints in both
blog and wallet apps. Invalid usernames now return 400 Bad Request
instead of being passed to the image host.

Validation uses wax library with regex fallback for thread-safety.
The validation logic is centralized in @hive/transaction package
and re-exported from apps/blog/utils/validate-links.ts for
backwards compatibility.