
Change to .NET Runtime breaks reverse proxy configuration for auth libraries

Open · TimHess opened this issue 6 months ago · 1 comment

In this change that was backported to .NET 8.0.17 and 9.0.6, X-Forwarded* headers are no longer used if they came from an unknown proxy.

Because Steeltoe does not set any KnownProxies on ForwardedHeadersOptions, OpenIdConnect link generation and Certificate Authorization are impacted.

While not explicitly stated in its documentation, I've discovered that the IP address that needs to be configured as a known proxy in Cloud Foundry may be identified by one of two env variables: CF-INSTANCE-IP or CF-INSTANCE-INTERNAL-IP.

For Certificate auth: it is trivial to register that address in CertificateAuthorizationBuilderExtensions when the env var is set.

For OpenIdConnect: Steeltoe documents how, but does not directly configure ForwardedHeadersOptions.

TimHess avatar Jun 11 '25 21:06 TimHess

After further investigation, it looks like while the variables could be used in our test environment, they are not actually guaranteed to be in any way related to a valid reverse proxy address and are unlikely to provide a reliable solution.

TimHess avatar Jun 18 '25 20:06 TimHess
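The mechanism the issue turns on, shown as an added worked example that is neither Steeltoe's code nor code from the thread: a minimal ASP.NET Core app that registers its reverse proxy in `ForwardedHeadersOptions.KnownProxies`, so that `X-Forwarded-*` headers from that address are applied and headers from any other source are ignored. Because the follow-up comment says the `CF-INSTANCE-IP` / `CF-INSTANCE-INTERNAL-IP` variables are not a reliable source of the proxy address, the example reads the address from a hypothetical configuration key, `ReverseProxy:KnownProxies` (an assumption for this example, not a Steeltoe or ASP.NET Core setting). The `/whoami` endpoint is also an addition, there only so you can observe whether the forwarded headers were honoured.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical key for this example (not a Steeltoe or ASP.NET Core setting):
// a comma-separated list of reverse-proxy IP addresses, e.g. "10.0.0.5,10.0.0.6".
// Can be supplied as the environment variable ReverseProxy__KnownProxies.
string? configuredProxies = builder.Configuration["ReverseProxy:KnownProxies"];

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // Start from an empty trust list so only the configured proxy is trusted.
    // The defaults trust loopback, which would make a local test always "known".
    options.KnownProxies.Clear();
    options.KnownNetworks.Clear();

    // With the runtime change referenced in the issue, X-Forwarded-* values are only
    // applied when Connection.RemoteIpAddress is in KnownProxies or KnownNetworks.
    foreach (string entry in (configuredProxies ?? string.Empty)
                 .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
    {
        if (IPAddress.TryParse(entry, out IPAddress? proxy))
        {
            options.KnownProxies.Add(proxy);
        }
    }
});

var app = builder.Build();

// Must run before anything that reads Request.Scheme / Request.Host / RemoteIpAddress,
// i.e. before authentication, certificate forwarding and link generation.
app.UseForwardedHeaders();

// Diagnostic endpoint added for this example: shows what the app believes about the
// request after the middleware has (or has not) applied the forwarded headers.
app.MapGet("/whoami", (HttpContext ctx) => Results.Json(new
{
    scheme = ctx.Request.Scheme,
    host = ctx.Request.Host.Value,
    remoteIp = ctx.Connection.RemoteIpAddress?.ToString(),
    // The middleware records the pre-forwarding values in X-Original-* when it applies
    // the headers; this stays empty when the headers were ignored.
    xOriginalProto = ctx.Request.Headers["X-Original-Proto"].ToString(),
}));

app.Run();
```

To see the unknown-proxy behaviour, run the app with no `ReverseProxy__KnownProxies` set and call `curl -H "X-Forwarded-Proto: https" -H "X-Forwarded-Host: app.example" http://localhost:5000/whoami`: the response reports `scheme` as `http`, which is exactly the state in which OpenID Connect redirect URIs are generated with the wrong scheme and host. Restart with `ReverseProxy__KnownProxies=127.0.0.1` (or `::1`, whichever address the loopback connection actually arrives from) and the same request reports `https` and `app.example`. In a real deployment the value has to be the address the platform's router connects from, which is the piece the thread concludes cannot be derived reliably from the Cloud Foundry instance variables.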