fix: Validate external URLs before rendering as links

Add isSafeExternalUrl utility to validate that URLs use http/https
protocol before rendering them as clickable links. This prevents
potentially malicious URL schemes from being used in href attributes.

Applied to Twitter profile links from third-party API responses.