gpt4all
server: block server access via non-local domains
This PR contains the necessary code to prevent a potential DNS rebind attack of the local server, in which a malicious remote host points their domain name to a local IP address to bypass CORS, allowing a client-side script in a web browser to access the local GPT4All instance. This is exacerbated by the fact that the local server currently provides no authentication mechanism.
~~TODO: Test this change.~~ done.
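
One way to implement the kind of Host header check described above, as an added example (not the PR's code or GPT4All's implementation). The function names, the three-entry allowlist and the sample header values are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Returns the host portion of a Host header value ("name", "name:port",
// "[v6]:port"), lower-cased, or "" if the value is malformed.
std::string host_from_header(std::string value) {
    std::transform(value.begin(), value.end(), value.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    std::string host, port;
    if (!value.empty() && value[0] == '[') {            // bracketed IPv6 literal
        const auto close = value.find(']');
        if (close == std::string::npos) return "";
        host = value.substr(1, close - 1);
        if (host.find(':') == std::string::npos) return "";  // brackets are for IPv6 only
        const std::string rest = value.substr(close + 1);
        if (!rest.empty() && rest[0] != ':') return "";
        if (!rest.empty()) port = rest.substr(1);
    } else {
        const auto colon = value.find(':');
        host = value.substr(0, colon);
        if (colon != std::string::npos) port = value.substr(colon + 1);
    }
    // Everything after the first ':' must be a decimal port. This also rejects
    // unbracketed IPv6 and values such as "localhost:8080@attacker.example".
    const bool port_ok = std::all_of(port.begin(), port.end(),
                                     [](unsigned char c) { return std::isdigit(c) != 0; });
    return port_ok ? host : "";
}

// True only when the request names the server by a loopback name or address
// (assumed allowlist). A rebound request still carries the remote domain in
// Host, even though it resolves to a local IP, so it is refused.
bool is_local_host_header(const std::string &value) {
    const std::string host = host_from_header(value);
    return host == "localhost" || host == "127.0.0.1" || host == "::1";
}

int main() {
    // Constructed sample Host header values.
    for (const char *h : {"localhost:8080", "[::1]:8080", "rebind.attacker.example:8080",
                          "localhost.attacker.example", "localhost:8080@attacker.example"})
        std::cout << h << " -> " << (is_local_host_header(h) ? "allow" : "reject") << "\n";
}
```

The comparison is an exact match on the parsed host, so names that merely begin with `localhost` or `127.0.0.1` are refused along with the rebinding domain itself.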