fix: render tool_url as plain text in notification card

Avoid rendering the URL as a clickable link to prevent admin-targeted
URL injection attacks where a malicious user crafts a misleading href.

Author: arash77

client/src/components/Notifications/NotificationCard.vue

@@ -193,10 +193,7 @@ function markNotificationAsSeen() {
                     <template v-if="props.notification.content.tool_url">
                         <dt>URL</dt>
                         <dd>
-                            <BLink :href="props.notification.content.tool_url" target="_blank">
-                                {{ props.notification.content.tool_url }}
-                                <FontAwesomeIcon :icon="faExternalLinkAlt" fixed-width size="sm" />
-                            </BLink>
+                            <span class="text-break">{{ props.notification.content.tool_url }}</span>
                         </dd>
                     </template>
                     <template v-if="props.notification.content.scientific_domain">