Currently, if the TRUSTED_PROXIES environment variable is not set, Conjur falls back to the default Rack behavior for trusted proxy IP addresses. This causes it to trust all non-routable IP addresses according to the regex: https://github.com/rack/rack/blob/master/lib/rack/request.rb#L19
This presents a spoof risk from intranet IP addresses when trusted proxies are not configured. It may also make it appear that reverse proxies and load balancers are working correctly, when they may not work because their IP addresses don't match the regex. Further, this makes the rules for how Conjur selects the client IP address more complicated than they need to be.
To simplify this, Conjur should only trust 127.0.0.1 and those IP addresses (or ranges in CIDR notation) explicitly configured in TRUSTED_PROXIES, with no fallback to the Rack regex.
DoD:
SPIKE: To determine what needs to change in code.
SPIKE: Does anything else in the product depend on this.
TEST: when no TRUSTED_PROXIES is set and the IP is non-routable
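As an added illustration (not Conjur's code), here is a small Ruby model of the two selection rules described above: the current Rack fallback, using an approximated copy of Rack's default trusted-proxy pattern, next to the proposed explicit allowlist. The X-Forwarded-For chain walk follows my reading of Rack's Request#ip, and all addresses are constructed.

```ruby
require 'ipaddr'

# Approximation of Rack's default trusted-proxy pattern (assumption: transcribed
# from the request.rb the issue links to; the exact form varies by Rack version).
RACK_DEFAULT_TRUSTED = /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i

# Current fallback behaviour: any non-routable address is treated as a proxy.
def rack_default_trusted?(ip)
  !!(ip =~ RACK_DEFAULT_TRUSTED)
end

# Proposed behaviour: trust 127.0.0.1 plus whatever TRUSTED_PROXIES lists
# (comma-separated addresses or CIDR ranges), and nothing else.
def build_trusted_proxies(env_value)
  list = [IPAddr.new('127.0.0.1')]
  return list if env_value.nil? || env_value.strip.empty?
  list + env_value.split(',').map { |s| IPAddr.new(s.strip) }
end

def explicitly_trusted?(ip, trusted_list)
  addr = IPAddr.new(ip)
  trusted_list.any? { |range| range.include?(addr) }
rescue IPAddr::InvalidAddressError
  false # an unparsable hop is never a trusted proxy
end

# Walk the chain (X-Forwarded-For hops, then REMOTE_ADDR) from the right, skipping
# trusted proxies; the first untrusted hop is the client. All trusted: left-most.
def select_client_ip(remote_addr, xff)
  hops = xff.to_s.split(',').map(&:strip).reject(&:empty?)
  chain = hops + [remote_addr]
  untrusted = chain.reject { |ip| yield(ip) }
  untrusted.empty? ? chain.first : untrusted.last
end

def client_ip_rack_default(remote_addr, xff)
  select_client_ip(remote_addr, xff) { |ip| rack_default_trusted?(ip) }
end

def client_ip_explicit(remote_addr, xff, trusted_proxies_env)
  trusted = build_trusted_proxies(trusted_proxies_env)
  select_client_ip(remote_addr, xff) { |ip| explicitly_trusted?(ip, trusted) }
end

# Constructed scenario 1: an intranet host (not a proxy) sends a forged header.
puts client_ip_rack_default('10.0.0.5', '198.51.100.9')  # 198.51.100.9 (spoofed)
puts client_ip_explicit('10.0.0.5', '198.51.100.9', nil) # 10.0.0.5 (real peer)
# Constructed scenario 2: a load balancer on a routable address is silently ignored.
puts client_ip_rack_default('203.0.113.7', '198.51.100.9') # 203.0.113.7 (the LB itself)
puts client_ip_explicit('203.0.113.7', '198.51.100.9', '203.0.113.0/24') # 198.51.100.9
```

Scenario 1 is the spoof risk and scenario 2 the "looks like it works but doesn't" case from the description; with the explicit list both resolve as intended once the proxy is actually configured.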