gandres / pwm

Automatically exported from code.google.com/p/pwm

Add option to bind ConfigManager to trusted interface #442

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install and configure PWM
2. Unlock PWM configuration
3. Users can access ConfigManager without authentication (currently use Apache reverse proxy rules to accomplish this)

What is the expected output? What do you see instead?

Users see the yellow bar and can configure PWM. Bad guys could potentially try and submit XMLs (based on observed behavior of PWM) to unlock it.

What version of PWM are you using? 1.6.4

What ldap directory and version are you using? RHDS9

Please paste any error log messages below:

Original issue reported on code.google.com by justin.m...@ndpgroup.com on 9 Aug 2013 at 7:33

GoogleCodeExporter commented 9 years ago
Don't unlock a production config; that's the whole point of locking. Current builds allow editing a locked config after entering a password stored in the config file.

Original comment by jrivard on 9 Aug 2013 at 1:19