caddyhttp: Add server-level trusted_proxies config

[francislavoie]

Partial work for #4924 as per my plan in #4924 (comment)

We've had requests for defining trusted_proxies globally, so it doesn't need to be configured for each reverse_proxy. This does that.

But also, this opens the door for more places we can use trusted proxies, such as in #4924 which asks for getting the real client IP. We can do that by looking at the XFF header if the proxy is trusted. That part isn't done in this PR, edit: this is in #5104!

Also we might want to change how remote_ip forwarded works, possibly making it not trust forwarded by default (which would be a breaking change... but eh, it's known to be insecure right now). And maybe we should add client_ip to the logs. See #5104 for the logs part.

[mholt]

Thanks - overall this LGTM, just a question about implementation. I still want to review this one more time before merging, even if no more changes are made. Not sure if it'll go into 2.6.2 or 2.6.3.

[francislavoie]

I'll get back to this soon. My priorities had been elsewhere for the past while.

[francislavoie]

Alright, this is ready for another round of review. I'm pretty happy with this.

[mholt]

This is looking great!

My only request is, can we use the existing Vars context value instead of creating a new one? Each time we create a new one, it makes writing mocks a little more tedious and error-prone.

[francislavoie]

We are. That's where vars is first initialized 🤔 but maybe I don't understand what you mean.

[mholt]

Wow you're right. I'm blind. LGTM! Thank you :)