Description
Search for duplicate feature request
- I already searched, and this feature request or improvement is not a duplicate.
Feature scope
Configuration (e.g. TOML) or CLI/env option
Feature request related to a problem
The log_remote_address option currently always logs the contents of the X-Forwarded-For header. This is problematic when static-web-server is used without a trusted proxy in front, because a client could send this header and "poison" the log. More details can be found in this MDN document.
Describe the solution you'd like
I would like a trusted_proxies option which would allow specifying from which IP addresses the X-Forwarded-For header is allowed to be read. I have actually already implemented this in 4cfa569.
Describe alternatives you've considered
An alternative would be to have a boolean trust_x_forwarded, which toggles the option for all IPs. This is not as fine-grained though.
Build target
All targets
Additional context
My original plan was to just submit a draft PR with the changes I made. Before doing that, I looked for a Contributing.md file. When opening the PR, I was a bit surprised to see the policy that PRs will only be accepted with a related issue, so it would be awesome if a contributing.md file is created :)
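Added example, not part of the issue and not the code in 4cfa569 or static-web-server's own API: a sketch of how a trusted-proxy list can gate which address gets logged. The function name `logged_client_addr`, its parameters and the sample addresses are assumptions, and it goes slightly beyond the request by walking the header right to left so that entries a client prepended behind a trusted proxy are also ignored.

```rust
use std::net::IpAddr;

/// Hypothetical helper: returns the address that should be written to the log.
/// `peer` is the TCP peer, `xff` the raw X-Forwarded-For value (if present),
/// `trusted` the proxy IPs allowed to supply that header.
fn logged_client_addr(peer: IpAddr, xff: Option<&str>, trusted: &[IpAddr]) -> IpAddr {
    // A header sent by an untrusted peer is ignored entirely.
    if !trusted.contains(&peer) {
        return peer;
    }
    let xff = match xff {
        Some(value) => value,
        None => return peer,
    };
    // Each proxy appends the address it saw, so walk right to left and stop
    // at the first entry that is not itself a trusted proxy.
    let mut candidate = peer;
    for part in xff.rsplit(',') {
        match part.trim().parse::<IpAddr>() {
            Ok(ip) => {
                candidate = ip;
                if !trusted.contains(&ip) {
                    return ip;
                }
            }
            // Malformed entry: keep the last address that could be verified.
            Err(_) => return candidate,
        }
    }
    candidate
}

fn main() {
    // Constructed sample values (documentation ranges), not taken from the issue.
    let proxy: IpAddr = "192.0.2.10".parse().unwrap();
    let client: IpAddr = "203.0.113.7".parse().unwrap();
    let trusted = [proxy];
    // Direct client sending its own header: the real peer is logged.
    println!("{}", logged_client_addr(client, Some("10.0.0.1"), &trusted));
    // Trusted proxy appended the client it saw; the prepended entry is ignored.
    println!("{}", logged_client_addr(proxy, Some("10.0.0.1, 203.0.113.7"), &trusted));
}
```
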