Use Spoofchecker::isSuspicious in phishing link host analysis

[Copilot]

Current phishing link detection only flagged host mismatches between anchor text and href, which misses homograph/suspicious-host cases when both sides match. This change adds suspicious-host detection using ICU Spoofchecker as an additional signal, with safe fallback when unavailable.

• Detection logic update (LinkCheck)

  • Extract parsed hosts for normalized href and displayed link text.
  • Mark link as phishing when:
    • hosts differ (existing behavior), or
    • either host is flagged by Spoofchecker::isSuspicious.
  • Introduce isSuspiciousHost(?string $host): bool to encapsulate spoof checking and tolerate missing extension/runtime errors.

• User-facing phishing message

  • Update warning text from mismatch-only phrasing to include suspicious-host cases.

• Targeted unit coverage

  • Add a focused test case for “matching host but suspicious” to verify the new branch.

$hrefHost = parse_url($this->parse($url), PHP_URL_HOST);
$linkTextHost = parse_url($this->parse($zipped['linkText']), PHP_URL_HOST);

if ($hrefHost !== $linkTextHost
	|| $this->isSuspiciousHost($hrefHost)
	|| $this->isSuspiciousHost($linkTextHost)) {
	$results[] = [
		'href' => $url,
		'linkText' => $zipped['linkText'],
	];
}