1. Security: SSRF via User-Controlled Storage Config in POST /spaces/{space_id}/test-connection
A critical Server-Side Request Forgery (SSRF) vulnerability exists in the `test_connection_endpoint` of the application's backend. The endpoint accepts a `SpaceConnectionRequest` payload and passes the user-controlled `storage_config` dictionary directly to the `ugoite_core.test_storage_connection()` function. This con...