Disallow access in publicly exposed services (#1761)

* Add security against publicly exposed services
* Add trusted proxies setting, validate proxy chain against internet access
* Validate chain on local proxies too
* Move authentication handler to separate file
* Add startup check and log if tripwire is active

Co-authored-by: WithoutPants <53250216+WithoutPants@users.noreply.github.com>

graphql/documents/data/config.graphql

@@ -24,6 +24,7 @@ fragment ConfigGeneralData on ConfigGeneralResult {
   username
   password
   maxSessionAge
+  trustedProxies
   logFile
   logOut
   logLevel

graphql/schema/types/config.graphql

@@ -73,6 +73,8 @@ input ConfigGeneralInput {
   password: String
   """Maximum session cookie age"""
   maxSessionAge: Int
+  """Comma separated list of proxies to allow traffic from"""
+  trustedProxies: [String!]
   """Name of the log file"""
   logFile: String
   """Whether to also output to stderr"""
@@ -152,6 +154,8 @@ type ConfigGeneralResult {
   password: String!
   """Maximum session cookie age"""
   maxSessionAge: Int!
+  """Comma separated list of proxies to allow traffic from"""
+  trustedProxies: [String!]!
   """Name of the log file"""
   logFile: String
   """Whether to also output to stderr"""