test: add coverage for domain_security wildcard-to-regex pattern compilation #3217

@mrveiss

Description

Context

Discovered during code review of PR #3204 (CodeQL fixes for #3164).

Problem

In autobot-backend/security/domain_security.py, PR #3204 fixed a regex-injection vulnerability in _compile_patterns() by replacing:

```python
regex_pattern = pattern.replace("*", ".*").replace(".", "\\.")
```

with:

```python
parts = pattern.split("*")
regex_pattern = ".*".join(re.escape(p) for p in parts)
```

This also silently corrected a latent double-escaping bug in the original code: the old code replaced * with .* first, then replaced ALL . with \\. — including the . in the just-inserted .*, producing \\..* instead of .*. This means wildcard domain patterns (e.g., *.example.com) were being compiled incorrectly in production.

The fix is correct, but there are no tests covering this behavioral change. Any production config patterns that accidentally relied on the broken regex behavior will now match differently.

Expected behavior

Add unit tests for _compile_patterns() covering:

  • *.example.com matches foo.example.com but not example.com
  • example.* matches example.com but not foo.example.com
  • Literal dots are escaped (e.g., example.com doesn't match exampleXcom)
  • Multiple wildcards work (e.g., *.example.*)

Files

  • autobot-backend/security/domain_security.py: _compile_patterns()

Related
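Below is an added, stand-alone reproduction, not code from this issue or from autobot-backend, that compiles the four pattern shapes listed under "Expected behavior" with both versions of the translation and checks them against the expected hosts. It assumes the compiled regex is applied with anchored `re.fullmatch` (the issue does not say whether the project uses `match`, `fullmatch` or `search`), and it adds one constructed pattern containing a regex metacharacter to show the injection side of the fix.

```python
import re

# Added example: reproduces the two _compile_patterns() strategies quoted in
# the issue. Not the project's domain_security.py. Anchoring with re.fullmatch
# is an assumption; the issue does not state how the compiled regex is applied.


def old_compile(pattern: str) -> str:
    """The pre-#3204 translation quoted in the issue (kept as-is)."""
    return pattern.replace("*", ".*").replace(".", "\\.")


def new_compile(pattern: str) -> str:
    """The post-#3204 translation: escape each literal part, join with .*."""
    parts = pattern.split("*")
    return ".*".join(re.escape(p) for p in parts)


def matches(regex: str, host: str) -> bool:
    """Anchored whole-hostname match (assumption: fullmatch semantics)."""
    return re.fullmatch(regex, host) is not None


# Constructed test table: (pattern, host, expected result with the fixed code).
CASES = [
    ("*.example.com", "foo.example.com", True),
    ("*.example.com", "example.com", False),
    ("*.example.com", "foo.example.com.attacker.test", False),
    ("example.*", "example.com", True),
    ("example.*", "foo.example.com", False),
    ("example.com", "exampleXcom", False),
    ("example.com", "example.com", True),
    ("*.example.*", "foo.example.com", True),
    ("*.example.*", "a.example.co.uk", True),
    ("*.example.*", "example.com", False),
    # A regex metacharacter in a config pattern must stay literal: without
    # re.escape, "|" becomes alternation and the pattern also matches "c".
    ("a.b|c", "c", False),
    ("a.b|c", "a.b|c", True),
]


def run_cases(compile_fn) -> dict:
    """Return {(pattern, host): result} for every case under compile_fn."""
    return {(p, h): matches(compile_fn(p), h) for p, h, _ in CASES}


def failing_cases(compile_fn) -> list:
    """Cases whose result under compile_fn differs from the expected column."""
    return [(p, h) for p, h, want in CASES if matches(compile_fn(p), h) != want]


if __name__ == "__main__":
    for pat in ("*.example.com", "example.*", "a.b|c"):
        print(f"{pat!r:18} old={old_compile(pat)!r:24} new={new_compile(pat)!r}")
    print("old code fails:", failing_cases(old_compile))
    print("new code fails:", failing_cases(new_compile))
```

Running it prints the regex each version produces for three patterns and the table rows each version gets wrong; under anchored matching the old translation fails every wildcard row and both metacharacter rows, while the new translation passes the whole table. The `CASES` table maps directly onto the unit tests requested above and can be dropped into a parametrized test against the real `_compile_patterns()` once the project's matching call is confirmed.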
