add support for matching request address based on headers

[tobikris]

If you deploy vault behind a reverse proxy like traefik the request address is not accurate and therefore the instance address will never match. This PR adds the option to also use request headers for matching the address. Please note that you have to configure the auth plugin to use the headers and also tune vault to pass them trough in the first place.