http: reimplement X-Forwarded-For parsing (#4355)

This feature needs to be enabled through the `http.use_x_forwarded_for` option,
satisfying security concerns of spoofed remote addresses in untrusted network
environments.

The testsuite was enhanced to explicitly test the functionality of the
header.

Fixes #4265.

Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>

tests/scripts/test_check_config.py

@@ -165,7 +165,8 @@ class TestCheckConfig(unittest.TestCase):
 
             self.assertDictEqual({
                 'components': {'http': {'api_password': 'abc123',
-                                        'server_port': 8123}},
+                                        'server_port': 8123,
+                                        'use_x_forwarded_for': False}},
                 'except': {},
                 'secret_cache': {secrets_path: {'http_pw': 'abc123'}},
                 'secrets': {'http_pw': 'abc123'},