diff roundup/scripts/__init__.py @ 8322:a2c376d0f110

fix: fix possible HTTP Response Splitting in roundup-server

CodeQL flagged a possible HTTP Response Splitting in the Location header's URL. The AI suggested cleaning the Host value, except the URL also includes the query parameters in the URL so they could potentially trigger the issue. The host header probably doesn't have a newline or cr in it otherwise it wouldn't have been recognized by the server as a valid host. In any case strip all \n or \r from the url before use.

Also update CHANGES.txt with fixing the gpg install.
author John Rouillard <rouilj@ieee.org>
date Tue, 03 Jun 2025 22:23:10 -0400
parents 6e3e4f24c753
children
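
The fix the commit message describes (strip every `\r` and `\n` from the redirect URL before it goes into the Location header) is sketched below as an added example; this is not the code from roundup/scripts/__init__.py. The function names, the host `tracker.example` and the sample query string are constructed for illustration, and the query is assumed to reach the redirect code with a raw CR LF in it.

```python
# Added illustration, not Roundup's code. All names and sample values are constructed.

def strip_crlf(url):
    """Remove every CR and LF so the value cannot end a header line early."""
    return url.replace("\r", "").replace("\n", "")


def build_redirect_url(host, path, query):
    """Assemble the redirect target from request-derived (untrusted) parts."""
    url = "http://%s%s" % (host, path)
    if query:
        url += "?" + query
    return url


def response_head(location):
    """Serialize a minimal 301 response head carrying the given Location value."""
    lines = [
        "HTTP/1.1 301 Moved Permanently",
        "Location: " + location,
        "Content-Length: 0",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_names(raw):
    """Split the head on CRLF as a client would and return the header names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [ln.split(":", 1)[0] for ln in head.split("\r\n")[1:] if ":" in ln]


def demo():
    """Compare the header set with and without CR/LF stripping."""
    # Constructed input: the Host is clean, the query carries the CR LF.
    host, path = "tracker.example", "/demo/"
    query = "@template=item\r\nX-Injected: 1"
    url = build_redirect_url(host, path, query)
    before = header_names(response_head(url))
    after = header_names(response_head(strip_crlf(url)))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("without stripping:", before)
    print("with stripping:   ", after)
```

Cleaning only the Host value would leave the first result unchanged here, because the line break arrives through the query string; stripping the assembled URL covers both parts.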

Roundup Issue Tracker: http://roundup-tracker.org/