fix(security): Prevent CSS injection in profile cover images
Add validation and escaping for cover image URLs used in CSS contexts.

Changes:
- Create css-utils with escapeCssUrl() and isSafeImageUrl()
- Migrate wallet profile-layout from proxifyImageUrl to proxifyImageSrc
- Add CSS escaping to both blog and wallet profile layouts
- Export css-utils from @ui/components

The wallet was using the older proxifyImageUrl which doesn't encode URLs, making it vulnerable to CSS injection. Now both apps use proxifyImageSrc (Base58 encoding) plus CSS escaping for defense-in-depth.
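
The two checks named in the commit message, sketched as an added example (this is not the project's css-utils code; the function bodies, the hex-escape strategy, the length limit and the sample URLs are assumptions). Scheme validation alone lets a quote-bearing URL through, so the value is also escaped before it is placed inside url("..."):

```javascript
// Added illustration. Names follow the commit message; bodies are assumed.
const CSS_URL_SAFE = /^[A-Za-z0-9\-._~:\/?#\[\]@!$&*+,;=%]$/;

// Validation: absolute http(s) URL, no control characters.
function isSafeImageUrl(url) {
  if (typeof url !== "string" || url.length === 0 || url.length > 2048) return false;
  if (/[\u0000-\u001f\u007f]/.test(url)) return false;
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // relative or malformed input
  }
  return parsed.protocol === "https:" || parsed.protocol === "http:";
}

// Escaping: every character outside the allow-list becomes a CSS hex escape
// ("\22 " for a double quote), so it cannot close the string or the url() token.
function escapeCssUrl(url) {
  return Array.from(url, (ch) =>
    CSS_URL_SAFE.test(ch) ? ch : "\\" + ch.codePointAt(0).toString(16) + " "
  ).join("");
}

// Before: raw interpolation into a CSS value.
function coverBackgroundUnsafe(url) {
  return `url("${url}")`;
}

// After: validate, then escape.
function coverBackground(url) {
  return isSafeImageUrl(url) ? `url("${escapeCssUrl(url)}")` : "none";
}

// Constructed sample input: a cover URL that tries to close url("...") early.
const hostile = 'https://images.example/cover.png");color:red;x:url("';
console.log(coverBackgroundUnsafe(hostile));
console.log(coverBackground(hostile));
```
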