Harden admin request sanitization and bump version to 1.7.0#82

Merged
happyloa merged 1 commit into main from codex/sanitize,-validate,-and-escape-plugin-data on Dec 21, 2025
Conversation

@happyloa
Owner

Motivation

  • Address plugin review findings to ensure all admin request parameters are sanitized, validated, and escaped.
  • Prevent unsafe raw GET input from reaching template rendering or internal logic to reduce XSS and data integrity risks.
  • Keep release metadata consistent by bumping the plugin version constants and headers to the new release.

Description

  • Replace uses of filter_input(..., FILTER_UNSAFE_RAW) with explicit sanitizers such as FILTER_SANITIZE_FULL_SPECIAL_CHARS and FILTER_SANITIZE_NUMBER_INT in src/AdminPage.php for parameters like risk_sort, risk_order, risk_search, updated, scan, notifications, failed_notification, run_at, and _wpnonce.
  • Continue validating values after sanitization (for example using sanitize_key(), sanitize_text_field(), absint(), and in_array() checks) to enforce allowed values and types.
  • Bump the runtime Version::NUMBER constant in src/Version.php to 1.7.0 and update the plugin header Version in site-add-on-watchdog.php and the Stable tag and changelog in readme.txt to reflect the 1.7.0 release.
  • Add a short changelog entry noting the sanitization hardening and version bump.

Testing

  • No automated tests were executed as part of this change.
  • Code changes are limited to input sanitization and metadata updates and preserve existing validation paths such as sanitize_key() and sanitize_text_field() which continue to run after sanitization.
  • A commit was created that contains the updates to src/AdminPage.php, src/Version.php, site-add-on-watchdog.php, and readme.txt.
  • Recommend running the existing test suite (phpunit) and a manual admin workflow verification after deployment to confirm behavior in the admin UI.
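The pattern the description outlines (an explicit filter in place of FILTER_UNSAFE_RAW, followed by allowlist validation), as an added example that is not code from this pull request or the plugin. The column names, the `risk`/`desc` defaults and the minimal stand-ins for WordPress's `sanitize_key()` and `absint()` are assumptions so the snippet runs outside WordPress; the plugin itself would read `$_GET` through `filter_input( INPUT_GET, ... )`.

```php
<?php
// Added example, not the plugin's code. Stand-ins for the WordPress helpers are
// defined only when WordPress is not loaded (simplified versions of the real ones).
if ( ! function_exists( 'sanitize_key' ) ) {
    function sanitize_key( $key ) {
        return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
    }
}
if ( ! function_exists( 'absint' ) ) {
    function absint( $maybeint ) {
        return abs( (int) $maybeint );
    }
}

const RISK_SORT_COLUMNS = array( 'name', 'risk', 'updated' ); // assumed column names
const RISK_ORDERS       = array( 'asc', 'desc' );

/**
 * Read and validate admin list parameters from a request array.
 * filter_var() on a constructed array stands in for filter_input( INPUT_GET, ... )
 * so the example runs offline; the filter constants are the same.
 */
function read_admin_list_params( array $request ) {
    // Before: filter_input( INPUT_GET, 'risk_sort', FILTER_UNSAFE_RAW ) handed raw input onward.
    // After: explicit sanitizer, then sanitize_key(), then an in_array() allowlist check.
    $sort = sanitize_key( filter_var( $request['risk_sort'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
    if ( ! in_array( $sort, RISK_SORT_COLUMNS, true ) ) {
        $sort = 'risk'; // assumed safe default for anything outside the allowlist
    }

    $order = sanitize_key( filter_var( $request['risk_order'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
    if ( ! in_array( $order, RISK_ORDERS, true ) ) {
        $order = 'desc';
    }

    // Numeric flag: FILTER_SANITIZE_NUMBER_INT keeps digits and sign only, absint() coerces to >= 0.
    $updated = absint( filter_var( $request['updated'] ?? '0', FILTER_SANITIZE_NUMBER_INT ) );

    return array( 'sort' => $sort, 'order' => $order, 'updated' => $updated );
}

// Constructed hostile input: a markup payload in risk_sort, mixed case in risk_order,
// and a negative, non-numeric string in updated.
$params = read_admin_list_params( array(
    'risk_sort'  => '<script>alert(1)</script>',
    'risk_order' => 'DESC',
    'updated'    => '-3abc',
) );
var_dump( $params ); // sort => 'risk', order => 'desc', updated => 3
```

The encoded `&#60;script&#62;...` form never matches a column name, so the sort falls back to the default rather than reaching a query or a template; the second validation layer matters because `FILTER_SANITIZE_FULL_SPECIAL_CHARS` alone only escapes, it does not restrict values.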

@happyloa happyloa merged commit 0838f41 into main Dec 21, 2025
2 checks passed
@happyloa happyloa deleted the codex/sanitize,-validate,-and-escape-plugin-data branch December 21, 2025 16:53