microsoft / oxa-tools

Open edX on Azure Tools
MIT License

Provide a whitelist of allowed hostnames to mitigate a host header attack #366

Closed btelnes closed 5 years ago

btelnes commented 6 years ago

What does this PR do? Please provide some context

Most web servers are configured to pass unrecognized/arbitrary host headers to the first virtual host. This change mitigates a host header attack by providing a whitelist for both LMS/CMS during installation.

Where should the reviewer start?

Any of the files.

How can this be manually tested? (brief repro steps and corpnet-URL with change)

1) Deploy STAMP specifying a whitelist of hostnames for LMS/CMS.

e.g. -EdxAppLmsAllowedHosts "lms-openedx-tm.trafficmanager.net,preview-openedx-tm.trafficmanager.net" -EdxAppCmsAllowedHosts "cms-openedx-tm.trafficmanager.net"

2) Verify that lms.env.json and cms.env.json contain their respective whitelists (LMS_ALLOWED_HOSTS and CMS_ALLOWED_HOSTS).

3) Verify that LMS/CMS continue to function as expected.

What are the relevant TFS items? (list id numbers)

Bug 110829

Definition of done:

Reminders DURING merge

  1. If you're merging from a short-term (feature) branch into a long-term branch (like dev, release, or master) then "Squash and merge" to keep our history clean.
  2. If merging from two longterm branches (like cherry picks from upstream, dev to release, etc) then "Create merge commit" to preserve individual commits.
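
Added example (not part of this PR or the oxa-tools code): a Python check for test step 2 that compares the whitelist in each env file with the hostnames passed at deployment, flags wildcard entries, and shows an exact-match Host header check. The JSON layout (a top-level list under `LMS_ALLOWED_HOSTS` / `CMS_ALLOWED_HOSTS`), the helper names, and the sample documents are assumptions constructed for illustration.

```python
import json

# Constructed sample input, using the hostnames from the repro steps.
LMS_PARAM = "lms-openedx-tm.trafficmanager.net,preview-openedx-tm.trafficmanager.net"
CMS_PARAM = "cms-openedx-tm.trafficmanager.net"
# Assumed file layout: the whitelist is a top-level JSON list under the key.
SAMPLE_LMS_ENV = json.dumps({"LMS_ALLOWED_HOSTS": LMS_PARAM.split(",")})
SAMPLE_CMS_ENV = json.dumps({"CMS_ALLOWED_HOSTS": ["*"]})  # weak: matches any host

def norm(host):
    """Lowercase a hostname and drop whitespace and a trailing dot."""
    return str(host).strip().lower().rstrip(".")

def parse_hosts(param):
    """Split the comma-separated deployment parameter into hostnames."""
    return [norm(h) for h in param.split(",") if h.strip()]

def audit_env(env_text, key, expected_param):
    """Return the problems found in one *.env.json document (empty = pass)."""
    actual = json.loads(env_text).get(key)
    if not isinstance(actual, list) or not actual:
        return [f"{key} missing or empty"]
    actual, expected = {norm(h) for h in actual}, set(parse_hosts(expected_param))
    wild = {h for h in actual if h == "*" or h.startswith(".")}
    problems = [f"{key} has wildcard entry {h!r}" for h in sorted(wild)]
    problems += [f"{key} lacks {h!r}" for h in sorted(expected - actual)]
    problems += [f"{key} has unexpected {h!r}" for h in sorted(actual - expected - wild)]
    return problems

def host_allowed(host_header, allowed):
    """Exact-match a Host header value (port stripped) against the whitelist."""
    host = host_header.strip()
    if host.startswith("["):                 # bracketed IPv6 literal
        host = host[: host.find("]") + 1]
    elif ":" in host:                        # hostname:port
        host = host.rsplit(":", 1)[0]
    return norm(host) in set(allowed)

if __name__ == "__main__":
    for text, key, param in ((SAMPLE_LMS_ENV, "LMS_ALLOWED_HOSTS", LMS_PARAM),
                             (SAMPLE_CMS_ENV, "CMS_ALLOWED_HOSTS", CMS_PARAM)):
        print(key, audit_env(text, key, param) or "OK")
    for header in ("LMS-openedx-tm.trafficmanager.net:443", "unlisted.example"):
        print(header, host_allowed(header, parse_hosts(LMS_PARAM)))
```

The exact-match check here is deliberately stricter than a wildcard-aware matcher, so a `*` or leading-dot entry is reported as a finding rather than honoured.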