fix(jupyter): bind notebook services to loopback by default

[Edd88-pixel]

Description

Jupyter authentication is disabled in these modules because access is expected
to pass through Coder. However, both services were bound to every network
interface, which could allow workloads on the same network to bypass the Coder
application proxy.

This change:

• adds a host input to jupyter-notebook and jupyterlab;
• defaults host to 127.0.0.1;
• rejects whitespace, quotes, command separators, substitutions, and other
  shell-unsafe characters;
• preserves the existing Coder application URLs, JupyterLab base URL modes,
  healthcheck, configuration, installers, and logging behavior;
• documents 0.0.0.0 as an explicit, less secure override for advanced use
  cases.

Type of Change

• New module
• New template
• Bug fix
• Feature/enhancement
• Documentation
• Other

Module Information

Paths:

• registry/coder/modules/jupyter-notebook
• registry/coder/modules/jupyterlab

New versions: v1.3.0 for both modules
Breaking change: [ ] Yes [x] No

Testing & Validation

• Tests pass (bun test)
• Code formatted (bun run fmt)
• Changes tested locally

Executed:

• bun install
• bun run fmt
• bun run tftest
• bun run tstest
• terraform init -upgrade, terraform validate,
  terraform test -verbose, and bun test main.test.ts in each affected
  module
• ./scripts/terraform_validate.sh with explicit ALL_CHANGED_FILES and
  MODULE_CHANGED_FILES
• bun run shellcheck for both modified launch scripts
• .github/scripts/version-bump.sh minor
• .github/scripts/version-bump.sh --ci minor origin/main
• container runtime checks with ss, confirming Jupyter Notebook on
  127.0.0.1:19999 and JupyterLab on 127.0.0.1:19998

Related Issues

Closes #585