fix: handle optional % prefix before hex payload in masked inspect URLs

Some Steam clients prepend a literal % before the hex payload in masked
inspect URLs (e.g. csgo_econ_action_preview%20%FDED5D6F...). This was
causing deserialization to fail with "Payload too short or invalid hex".

Author: vlydev

src/InspectLink.php

@@ -102,7 +102,7 @@ public static function deserialize(string $hexOrUrl): ItemPreviewData
     public static function isMasked(string $link): bool
     {
         // Pure hex blob (new steam://run/730// format)
-        if (preg_match('/csgo_econ_action_preview(?:%20|\s)[0-9A-Fa-f]{10,}$/i', $link)) {
+        if (preg_match('/csgo_econ_action_preview(?:%20|\s)%?[0-9A-Fa-f]{10,}$/i', $link)) {
             return true;
         }
         // Hybrid: S/A/D prefix with hex proto after D
@@ -137,7 +137,7 @@ private static function extractHex(string $input): string
 
         // Pure masked format: csgo_econ_action_preview%20<hexblob> (no S/A/M prefix).
         // Also handles payloads whose first hex character happens to be A.
-        if (preg_match('/csgo_econ_action_preview(?:%20|\s|\+)([0-9A-Fa-f]{10,})$/i', $stripped, $m)) {
+        if (preg_match('/csgo_econ_action_preview(?:%20|\s|\+)%?([0-9A-Fa-f]{10,})$/i', $stripped, $m)) {
             return $m[1];
         }