Security: Only trust local proxies unless overidden

[pglombardo]

Description

This PR adds a rule to only trust proxies on the local network.

This fixes a weakness where the X-Forwarded-For header could be spoofed by unauthorized clients to bypass the rate limiter.

This can be overridden by the new trusted_proxies setting:

### Trusted Proxies
#
# By default, Password Pusher will only proxy related headers from proxies on
# the local network.  If you are using a proxy that is not on the local network,
# you will need to add the IP address of the proxy to the list below.
#
# This is useful if you are using a remote reverse proxy such as Cloudflare to
# serve the application.  If local, you can leave this setting as is.
# 
# Multiple IP addresses can be added by separating them with a comma.
#
# Environment Variable Override:
# PWP__TRUSTED_PROXIES='<ipaddress>'
# PWP__TRUSTED_PROXIES='<ipaddress1>,<ipaddress2>'
#
# trusted_proxies:
#   - '1.2.3.4'
#   - '2.3.4.5'

Related Issue

Type of Change

• 📚 Examples / docs / tutorials / dependencies update
• 🔧 Bug fix (non-breaking change which fixes an issue)
• 🥂 Improvement (non-breaking change which improves an existing feature)
• 🚀 New feature (non-breaking change which adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to change)
• 🔐 Security fix

Checklist

• I've written tests (if applicable) for all new methods and classes that I created. (rake test)
• I've added documentation as necessary so users can easily use and understand this feature/fix.