Merge pull request #88 from smeinecke/feat/allow-private-proxies

Merging — thanks @smeinecke. The fail-closed default (`ALLOW_PRIVATE_PROXY_HOSTS=` empty) preserves SSRF protection for public deployments while unblocking local/private-network testing for opt-in users.

Follow-ups for v2.0.27 (will track in repo, no action needed from you):
- Add a `test/ssrf.test.js` covering: default-OFF rejects 192.168/10.x/localhost, opt-in `ALLOW_PRIVATE_PROXY_HOSTS=1` allows them, IPv6 link-local still rejected.
- Doc note: this switch should NOT be enabled on public-facing dashboards.
- Will rebase #90 on top of this once you fix the account-create-before-proxy-validation ordering (see comments there).