New option (MemberPress integration): limit Turnstile to specific registration forms

[auutstudio]

More granular control of Turnstile is necessary for advanced users of MemberPress. This is because one feature of MemberPress Pro allows for signups on a membership to be restricted to those visitors who arrive on (very wide) ranges of IP addresses [by using wildcards]. The Whitelist IP option in Simple Cloudflare Turnstile doesn't support wildcards (although this fact isn't documented anywhere), so the number of individual IP addresses to list manually could quickly reach tens of thousands.

What's more: 1) the ability to configure MemberPress in this manner enables a use-case that some organizational customers rely upon: They might direct their entire staff to access the WordPress site from an alternate proxy URL (or multiple proxy URLs) such as: ourmembershipsite-com.proxy1.theircompany.org/register/gold-plan/ ourmembershipsite-com.proxy2.theircompany.org/register/gold-plan/ 2) Anyone's Cloudflare account needs all domains that will utilize the API to be declared in advance, of course. Even if all proxy URLs from all customers can be gleaned in advance, those URLs could be changed at their whim, without notice. 3) If ever that domain is one not prelisted on the Cloudflare account, then those customers will receive an 'Invalid Domain' error from Turnstile -- and have no possible recourse to move past the registration form.

As a result, it's important to have the ability to limit Turnstile to only a subset of MemberPress forms, much like can be accomplished for WPForms by disabling specific IDs.

This pull request adds a new setting for storing a list of MemberPress product IDs, separated by newlines, which become an array to compare at runtime to determine whether to load a Turnstile challenge or not.

[ElliotSowersby]

Thank you! This has now been added with 1.26.0.