DEV: Add validation for allowed iframes setting (#28178)

- Adds a validator for the allowed iframes site setting
- Adds a migration to update any values that don't pass the validator

Follow up to: 188cb58daa833839c54c266ce22db150a3f3a210

lib/validators/allowed_iframes_validator.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class AllowedIframesValidator
+  # Url starts with http:// or https:// and has at least one more additional '/'
+  VALID_ALLOWED_IFRAME_URL_REGEX = %r{\Ahttps?://([^/]*/)+[^/]*\z}x
+
+  def initialize(opts = {})
+    @opts = opts
+  end
+
+  def valid_value?(values)
+    values.split("|").all? { _1.match? VALID_ALLOWED_IFRAME_URL_REGEX }
+  end
+
+  def error_message
+    I18n.t("site_settings.errors.invalid_allowed_iframes_url")
+  end
+end