Support X-Forwarded-For header from reverse proxy

[kantlivelong]

First Check

• I used the GitHub search to find a similar requests and didn't find it.
• Checked the tasks tagged issues and verified my feature is not covered

Please provide a concise description of the problem that would be addressed by this feature.

Mealie does not properly log the client IP when behind a reverse proxy.

Example:

INFO:     127.0.0.6:35887 - "GET /api/app/about HTTP/1.0" 200 OK

The client IP in my case would either be an internet address or an address from my LAN other than the reverse proxy. In this case the IP is from Istios mTLS proxy.

Please provide a concise description of the feature that would resolve your issue.

Recognizing the X-Forwarded-For header.

Please consider and list out some caveats or tradeoffs made in your design decision

Mealie must also have a complimentary trusted proxy IP/CIDR list.

Additional Information

• If this is accepted I'm willing to submit a PR to provide this feature
• If this is accepted I'm willing to help maintain this feature
• I'm willing to sponsor/pay a developer to do this work

[kantlivelong]

I also wanted to note that the auth process has a partial implementation for this though it does not include the whitelist which would allow an attacker to spoof any IP desired in the auth log.

https://github.com/mealie-recipes/mealie/blob/mealie-next/mealie/routes/auth/auth.py#L40

[hay-kot]

Notes for implementation: these logs are from uvicorn. It looks like we may just need to provide a flag on start.

• https://www.uvicorn.org/deployment/#running-behind-nginx