Block private network requests

[pajlada]

Currently, the API can make requests to the local network (e.g. 192.168.0.1)

We should block this

See https://datatracker.ietf.org/doc/html/rfc1918

Specifically

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

[pajlada]

Direct requests (e.g. https://192.168.0.1) no longer load as of #529 - there's some additional progress to make sure domains like https://192.168.0.1.nip.io don't load