
Make X-Forwarded-For behaviour configurable at the redirector level #2

Open
inzlain opened this issue Jun 30, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@inzlain
Owner

inzlain commented Jun 30, 2024

Implement functionality to allow users to configure the X-Forwarded-For behaviour on each redirector.

Possible values could include:

  • Left-most value
  • Right-most value
  • Left-most non-private value
  • Right-most non-private value
  • Custom header (i.e. set a specific client IP manually via a different header than X-Forwarded-For) - This could let the user have an option to work around any unruly CDNs or tech stacks that don't have any sane behaviour.
  • Forwarded header - Decide if we can/should also add support for Forwarded header now being implemented by some tech stacks.

Decide on the best default behaviour:

  • Left-most value - Better compatibility with CDNs, potential spoofing but users are expected to ensure their redirectors provide trusted values. See Issue #1 for additional context.
  • Left-most non-private value - Maintains CDN compatibility and limits (but maybe doesn't prevent?) spoofing, recommended approach as documented here.
  • Right-most value - Worse compatibility with CDNs, prevents spoofing in cases where users don't test and configure redirectors properly.

My instinct says revert back to left-most but implement the non-private check. Only possible edge case I see is if there is no non-private IP (i.e. dev/testing), but this could be addressed by reconfiguring the redirector or having a fallback to just take the leftmost if there are only private addresses.


Update the CDN specific redirector documentation to include recommendations on how this should be set for specific CDNs / tech stacks.
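The selection strategies listed above, worked through in code as an added example. This is not code from the redirector project in this issue; the strategy names (`leftmost`, `rightmost`, `leftmost_public`, `rightmost_public`), the `fallback_to_leftmost` flag and the explicit list of non-public ranges are assumptions made for illustration. The sample header is constructed from RFC 5737 documentation addresses: the first hop stands for a value the connecting client supplied itself, the second for the address the CDN appended after it accepted the connection, which is the spoofing trade-off the issue describes.

```python
"""X-Forwarded-For client-IP selection strategies.

Added example, not code from the redirector project this issue belongs to.
Strategy names and the fallback flag are assumptions made for illustration.
"""
import ipaddress
from typing import Optional

# Ranges treated as "private"/non-routable by the *_public strategies.
# An explicit list is used instead of ipaddress.is_private so that the
# RFC 5737 documentation ranges in the samples below count as public.
NON_PUBLIC_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "100.64.0.0/10",                                   # CGNAT shared space
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 loopback, ULA, link-local
)]

STRATEGIES = ("leftmost", "rightmost", "leftmost_public", "rightmost_public")


def parse_xff(header_value: str) -> list:
    """Split a comma-separated X-Forwarded-For value into hop tokens."""
    return [tok.strip() for tok in header_value.split(",") if tok.strip()]


def _as_ip(token: str):
    """Return an ip_address object, or None if the token is not a valid IP."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def is_public(token: str) -> bool:
    """True only for a syntactically valid address outside NON_PUBLIC_NETWORKS."""
    ip = _as_ip(token)
    if ip is None:
        return False
    return not any(ip in net for net in NON_PUBLIC_NETWORKS)


def select_client_ip(header_value: str, strategy: str = "leftmost_public",
                     fallback_to_leftmost: bool = True) -> Optional[str]:
    """Pick the client IP from an X-Forwarded-For header per the chosen strategy.

    Invalid tokens are never returned. When a *_public strategy finds no public
    address (the dev/testing edge case from the issue), fall back to the
    left-most valid address unless the fallback is disabled.
    """
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy {strategy!r}")
    hops = parse_xff(header_value)
    if not hops:
        return None

    if strategy == "leftmost":
        ip = _as_ip(hops[0])
        return str(ip) if ip is not None else None
    if strategy == "rightmost":
        ip = _as_ip(hops[-1])
        return str(ip) if ip is not None else None

    ordered = hops if strategy == "leftmost_public" else reversed(hops)
    for hop in ordered:
        if is_public(hop):
            return str(ipaddress.ip_address(hop))

    if fallback_to_leftmost:
        for hop in hops:
            ip = _as_ip(hop)
            if ip is not None:
                return str(ip)
    return None


def compare_strategies(header_value: str) -> dict:
    """Evaluate every strategy on one header to make the trade-offs visible."""
    return {s: select_client_ip(header_value, s) for s in STRATEGIES}


if __name__ == "__main__":
    # Constructed sample: 192.0.2.1 was supplied by the connecting client,
    # 198.51.100.22 was appended by the CDN as the address it actually saw.
    spoofed = "192.0.2.1, 198.51.100.22"
    for strategy, ip in compare_strategies(spoofed).items():
        print(f"{strategy:17} -> {ip}")
```

Running it shows the point made in the issue: both left-most strategies return the client-supplied `192.0.2.1` because a public-looking value passes the non-private check, while the right-most strategies return the CDN-observed `198.51.100.22`. The non-private check therefore only helps against spoofed private addresses; trusting the left-most value still relies on the redirector's upstream stripping or overwriting client-supplied headers. A header containing only private addresses falls back to the left-most one, and a header with an unparseable token skips it rather than passing it downstream.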

@th3Bak3r

Agreed that defaulting to left-most (for better compatibility) in combination with a user-configuration function (regexes?) would work well.

I did have some thoughts around CDN vendor specific presets, but that could end up badly as vendors love changing things all the time.


2 participants