whatwg / fetch

Fetch Standard
https://fetch.spec.whatwg.org/

Prevent fetching from IPv4-mapped IPv6 addresses #1492

Open letitz opened 2 years ago

letitz commented 2 years ago

Quoting my distinguished self from https://github.com/WICG/private-network-access/issues/36:

Dual stack applications such as modern browsers should never have to deal with IPv4-mapped IPv6 addresses (https://tools.ietf.org/html/rfc4291#section-2.5.5), as they can simply use IPv4 addresses instead. This is not the case today however, at least in Chromium, in which for example [::ffff:7f00:1] resolves to localhost.

It seems to me that Fetch should forbid accesses to such IP addresses. What do y'all think?

annevk commented 2 years ago

Having multiple addresses for the same endpoint is indeed not ideal. And the URL parser shouldn't normalize since there might be other contexts that are not dual stack I suppose. Given all that this seems reasonable based on my rather brief analysis, but I'll double check internally.

annevk commented 2 years ago

So these IPv6 addresses need to be accounted for whenever restrictions on IPv4 addresses are made. Is that the main harm here? I suspect it might also be problematic that there are multiple addresses for the same endpoint? Anything else?
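The point raised in the last comment, as an added example that is not part of the thread or of any browser's code: a restriction that only inspects IPv4 literals misses the IPv4-mapped form of the same address, while a check that first unwraps `::ffff:0:0/96` does not. The function names and the short list of restricted IPv4 ranges are assumptions made for illustration.

```javascript
// Added example. Helper names are hypothetical; the restricted ranges are a
// constructed, partial list (loopback plus RFC 1918), not a complete policy.

// Expand the hostname of a WHATWG-parsed URL into eight 16-bit pieces.
// Returns null when the host is not an IPv6 literal. The URL serializer
// always emits hex pieces with at most one "::", which this relies on.
function ipv6Pieces(hostname) {
  if (!hostname.startsWith("[")) return null;
  const [head, tail] = hostname.slice(1, -1).split("::");
  const parse = (s) => (s ? s.split(":").map((h) => parseInt(h, 16)) : []);
  const left = parse(head);
  if (tail === undefined) return left; // no "::" compression present
  const right = parse(tail);
  const zeros = new Array(8 - left.length - right.length).fill(0);
  return [...left, ...zeros, ...right];
}

// Dotted IPv4 address embedded in an IPv4-mapped IPv6 address
// (RFC 4291 section 2.5.5.2), or null for any other host.
function mappedIPv4(hostname) {
  const p = ipv6Pieces(hostname);
  if (!p || p.slice(0, 5).some((x) => x !== 0) || p[5] !== 0xffff) return null;
  return [p[6] >> 8, p[6] & 0xff, p[7] >> 8, p[7] & 0xff].join(".");
}

function isRestrictedIPv4(host) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
  if (!m) return false;
  const [a, b] = [Number(m[1]), Number(m[2])];
  return a === 127 || a === 10 || (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);
}

// Restriction written with only IPv4 literals in mind.
function naiveCheck(url) {
  return isRestrictedIPv4(new URL(url).hostname);
}

// Same restriction, applied after unwrapping an IPv4-mapped host.
function mappedAwareCheck(url) {
  const host = new URL(url).hostname;
  return isRestrictedIPv4(mappedIPv4(host) ?? host);
}
```
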