Allow toolchain URLs in binary string audit (static build artifacts)

gcc/glibc embed bug tracker URLs (bugs.launchpad.net, gcc.gnu.org,
sourceware.org) into statically-linked binaries. These are compiler
artifacts, not our code.

Author: DeusData

scripts/security-strings.sh

@@ -50,6 +50,10 @@ ALLOWED_URLS=(
     # SQLite internal URLs (part of vendored sqlite3 strings)
     "https://sqlite.org"
     "https://www.sqlite.org"
+    # Toolchain URLs embedded by compiler/linker in static builds
+    "https://bugs.launchpad.net"
+    "https://gcc.gnu.org"
+    "https://sourceware.org"
 )
 
 while IFS= read -r url; do