Bug 5241: Block all non-localhost requests by default (#1164)

This change goes one step further than commit 6d2f8ed in satisfying the
same "by default, introduce no new attack vectors" principle.

Commit 6d2f8ed blocked access to localhost and to-link-local services
but still allowed access to potentially vulnerable popular cloud
instance metadata services running on site-local IPv6 addresses. It also
still allowed external access to localnet services that could be
completely unprepared for such dangers! This change closes those holes.

This default configuration has two extra deny rules. These rules become
necessary only when the admin adds an "http_access allow" rule below
them. We enabled these rules despite their overheads, including more DNS
queries in some environments, so that the admin does not have to
remember to enable them when following our "INSERT...HERE" instructions.