Fix open redirect in template share link controller

params[:redir] was used directly without validation, allowing
redirects to external URLs. Now only allows relative paths.

app/controllers/templates_share_link_controller.rb

@@ -10,7 +10,7 @@ class TemplatesShareLinkController < ApplicationController
 
     @template.update!(template_params)
 
-    if params[:redir].present?
+    if params[:redir].present? && params[:redir].start_with?('/')
       redirect_to params[:redir]
     else
       head :ok