@UE2020 UE2020 commented Jun 22, 2025

The pw::URLInfo::parse function incorrectly parses URLs that contain a query string or fragment but lack a path component (e.g., https://example.com?q=1). The logic first searches for a path separator (/) to delimit the host from the path. If no / is found, it incorrectly assumes the entire remainder of the URL string is the host. This results in the query string and/or fragment being included as part of the host member of the URLInfo object.
When this malformed URLInfo object is used by client functions like pw::fetch, the hostname() method returns an invalid hostname (e.g., "example.com?q=1"). This value is then passed to pn::getaddrinfo for DNS resolution, which will almost certainly fail. This can be exploited by a malicious server that issues a redirect (3xx) to a specially crafted URL, causing the Polyweb client to fail its next request and effectively creating a denial of service for the client application.

The fix involves rewriting the parsing logic to correctly identify the end of the URL's authority section (which contains the host) by looking for the first occurrence of a path (/), query (?), or fragment (#) delimiter. This ensures the host is extracted correctly, and the subsequent parsing of the path and query parameters proceeds from the correct position in the URL string.

@UE2020 UE2020 changed the title from "fix PW-001:" to "fix PW-001: Incorrect Hostname Parsing in pw::URLInfo::parse Leads to Denial of Service" Jun 22, 2025
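The two host-splitting behaviours described in the comment above, side by side, as an added example that is not part of the pull request or of Polyweb's code. The names `Parts`, `split_slash_only`, `split_authority` and `host_has_valid_shape` are hypothetical, the URLs are constructed samples, and the final shape check is an extra guard a caller could apply to a redirect target before DNS resolution, not something the PR describes.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helpers for illustration; this is not pw::URLInfo::parse.
struct Parts {
    std::string host;
    std::string rest; // path, query and fragment, left unparsed
};

// Offset of the first character after "scheme://" (0 if no scheme is present).
static std::size_t authority_start(const std::string& url) {
    std::size_t pos = url.find("://");
    return pos == std::string::npos ? 0 : pos + 3;
}

// Behaviour the PR describes as the bug: only '/' terminates the host.
Parts split_slash_only(const std::string& url) {
    std::size_t start = authority_start(url);
    std::size_t end = url.find('/', start);
    if (end == std::string::npos) return {url.substr(start), ""};
    return {url.substr(start, end - start), url.substr(end)};
}

// Behaviour the PR describes as the fix: the first of '/', '?' or '#' ends the authority.
Parts split_authority(const std::string& url) {
    std::size_t start = authority_start(url);
    std::size_t end = url.find_first_of("/?#", start);
    if (end == std::string::npos) return {url.substr(start), ""};
    return {url.substr(start, end - start), url.substr(end)};
}

// Added guard (assumption, not from the PR): refuse to resolve a host that
// is empty or still carries URL delimiters or whitespace.
bool host_has_valid_shape(const std::string& host) {
    return !host.empty() && host.find_first_of("/?# \t\r\n") == std::string::npos;
}

int main() {
    // Constructed samples: no path, query only; fragment only; '/' inside the query.
    for (const char* url : {"https://example.com?q=1", "https://example.com#top",
                            "https://example.com?next=/a/b"}) {
        Parts before = split_slash_only(url), after = split_authority(url);
        std::cout << url << "\n  slash-only host: " << before.host
                  << " (valid shape: " << host_has_valid_shape(before.host) << ")"
                  << "\n  authority host:  " << after.host
                  << " rest: " << after.rest << "\n";
    }
}
```

The third sample shows that a `/` appearing only inside the query string still leaves the slash-only splitter with a host that ends in query text.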