Feature/per app access

[berkes]

This adds a whitelisting feature to allow a certain range of IP-addresses.
Usefull for that (in-house) testing, staging or v2.0 environment.

Each app can have an "access" entry. Where you can add a list of IP-addresses
that are allowed. When defined, each address will be added to the nginx configuration as allowed, all other addresses will be denied.

More information on the Nginx documentation
The template will add the denied, then the allowed IP-addresses.

    "access": {
      "allowed": ["127.0.0.1"]
    }

This will only allow users from 127.0.0.1 access to the app. All others will be denied.

    "access": {
      "denied": ["127.0.0.1"],
      "allowed": ["127.0.0.0/24"]
    }

This will allow access for users from IP range 127.0.0.0/24, but makes an exception for IP-address 127.0.0.1 which is denied access.

NOTE: the denied is not meant to replace full-blown IP-blocking. Its intended
use is to allow IPB-blocks in allow, then remove one or two specific ones by denying them again.
I.e: to aid the whitelisting, not to be used as a blacklisting. But when using only the denied list, you can have blacklisting. However, the moment you add an allowed address, we add "deny all" to the access configuration.

NOTE: This is not meant to replace access control, nor will it scale well for
large amounts of IP-addresses. The intented use is to open up e.g. a testing version
of an app to a limited set of users.