fix: allow RFC2544 benchmark range (198.18.0.0/15) through SSRF filter

Telegram's API and file servers resolve to IPs in the 198.18.0.0/15
range (RFC 2544 benchmarking range). The SSRF filter was blocking these
addresses because ipaddr.js classifies them as 'reserved', and the
filter also had an explicit RFC2544_BENCHMARK_PREFIX check that blocked
them unconditionally.

Fix: exempt 198.18.0.0/15 from the 'reserved' range block in
isBlockedSpecialUseIpv4Address(). Other 'reserved' ranges (TEST-NET-2,
TEST-NET-3, documentation prefixes) remain blocked. The explicit
RFC2544_BENCHMARK_PREFIX check is repurposed as the exemption guard.

Closes #24973

src/infra/net/ssrf.pinning.test.ts

@@ -51,12 +51,20 @@ describe("ssrf pinning", () => {
 
   it.each([
     { name: "RFC1918 private address", address: "10.0.0.8" },
-    { name: "RFC2544 benchmarking range", address: "198.18.0.1" },
+    { name: "TEST-NET-2 reserved range", address: "198.51.100.1" },
   ])("rejects blocked DNS results: $name", async ({ address }) => {
     const lookup = vi.fn(async () => [{ address, family: 4 }]) as unknown as LookupFn;
     await expect(resolvePinnedHostname("example.com", lookup)).rejects.toThrow(/private|internal/i);
   });
 
+  it("allows RFC2544 benchmark range addresses (used by Telegram)", async () => {
+    const lookup = vi.fn(async () => [
+      { address: "198.18.0.153", family: 4 },
+    ]) as unknown as LookupFn;
+    const pinned = await resolvePinnedHostname("api.telegram.org", lookup);
+    expect(pinned.addresses).toContain("198.18.0.153");
+  });
+
   it("falls back for non-matching hostnames", async () => {
     const fallback = vi.fn((host: string, options?: unknown, callback?: unknown) => {
       const cb = typeof options === "function" ? options : (callback as () => void);