How insecure SNS subscription confirmation patterns in docs and sample code can lead to SSRF, and how that pattern led to CVE-2026-32096 in Plunk.