fix: call system bugs and security hardening

- CallEmbed: fix memory leak — mx event listeners were never removed
  because dispose() called .bind(this) again, creating new function
  objects. Now uses arrow class fields so start()/dispose() share the
  exact same reference.
- callPreferences: toggleVideo is a no-op when cameraOnJoin=false,
  preventing internal state drift from the returned value.
- CallControls: PTT key guard now blocks on SELECT elements and walks
  the DOM for inherited contentEditable to prevent key interception
  inside dropdowns and custom editors.
- RoomInput: GIF fetch validates Giphy CDN domain allow-list,
  HTTP Content-Type header, and enforces 20 MB size cap.

src/app/features/call/CallControls.tsx

@@ -102,11 +102,19 @@ export function CallControls({ callEmbed }: CallControlsProps) {
       if (e.code !== pttKey || e.repeat) return;
       // Don't intercept keys typed into a text input or editable element
       const target = e.target as HTMLElement;
-      if (
-        target.tagName === 'INPUT' ||
-        target.tagName === 'TEXTAREA' ||
-        target.contentEditable === 'true'
-      ) return;
+      // Skip PTT if key is pressed inside any text-input or editable surface
+      const isEditable = (el: HTMLElement): boolean => {
+        const tag = el.tagName;
+        if (tag === 'INPUT' || tag === 'TEXTAREA' || tag === 'SELECT') return true;
+        let node: HTMLElement | null = el;
+        while (node && node !== document.body) {
+          if (node.contentEditable === 'true') return true;
+          if (node.contentEditable === 'false') return false;
+          node = node.parentElement;
+        }
+        return false;
+      };
+      if (isEditable(target)) return;
       e.preventDefault();
       if (!microphoneRef.current) callEmbed.control.setMicrophone(true);
       setPttActive(true);