Only allow internal addresses to update FS and RTP caches

[two56]

I've updated the internal check in the OPTIONS handler so it doesn't rely on the presence of the X-RTP-Status or X-FS-Status header, instead it checks the source address against the internal network CIDR.

[davehorton]

two things:

1. I think I would prefer if this were refactored into drachtio middleware
2. If an external system is sending an OPTIONS that includes these headers, I think we should return a failure result, maybe a simple 503, and log a distinctive info message (so that if we wanted we could have something like fail2ban block the source)
3. In other places in the project we use the CIDRMatcher package for this sort of thing, can we use that instead of the custom code?

[two56]

Hi Dave,

I probably haven't got the knowledge of the drachtio middleware to move the logical backwards. If you can give me some pointers I'm happy to give it a go.

I've updated the code to use cidr-matcher but I haven't added the 503 as, in my mind anyway, that would give someone a clue they're doing the "right" thing. Happy to change this if you disagree.