nmalcolm authored
`UrlBlocker` protects GitLab and its users from attacks such as Server Side Request Forgery and DNS Rebind attacks. Until now, setting `allow_local_network` had no effect on blocking `255.255.255.255`, whether true or false. Now, when `allow_local_network` is set to `false`, `255.255.255.255` is blocked through the introduction of a check named `validate_limited_broadcast_address`.

`255.255.255.255` is the "limited broadcast address", which is used to make requests to all hosts on a local physical network [1]. Properly configured routers won't route it. Historically it was used to wake up offline PCs on a LAN which, since they were asleep, didn't have IP addresses [2].

While `UrlBlocker` defaults `allow_local_network` to `true`, in practice it is almost always `false` because of a convention to use the GitLab configuration option which defaults to `false`. If a GitLab administrator still wants to reach `255.255.255.255`, it can be added explicitly in the Allow List [3]. There is no reason a GitLab user would want to reach this, but it could potentially be misused if an attacker finds a component vulnerable to DNS rebinding, for example.

This commit aims to fulfil https://gitlab.com/gitlab-org/gitlab/-/issues/337796

[1]: https://datatracker.ietf.org/doc/html/rfc919#section-7
[2]: https://superuser.com/a/1006951
[3]: https://docs.gitlab.com/ee/security/webhooks.html#allowlist-for-local-requests

Changelog: changed
9ba2dfbe
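The behaviour the commit message describes, as an added stand-alone illustration rather than GitLab's own `UrlBlocker` code: the limited broadcast address is refused only when `allow_local_network` is false, and an explicit allowlist entry overrides that. The module name `BroadcastBlocker`, the method `blocked_reason` and the sample addresses are assumptions for this example.

```ruby
require 'ipaddr'

# Hypothetical module mirroring the commit's rule; not GitLab's implementation.
module BroadcastBlocker
  # RFC 919 section 7: the "limited broadcast address" for the local physical network.
  LIMITED_BROADCAST = IPAddr.new('255.255.255.255')

  # Ranges treated as "local network" for this illustration (private + link-local).
  LOCAL_NETWORKS = [
    IPAddr.new('10.0.0.0/8'),
    IPAddr.new('172.16.0.0/12'),
    IPAddr.new('192.168.0.0/16'),
    IPAddr.new('169.254.0.0/16')
  ].freeze

  # The check introduced by the commit: is this address the limited broadcast address?
  def self.limited_broadcast?(ip)
    ip.ipv4? && ip == LIMITED_BROADCAST
  end

  # Returns nil when the destination may be requested, otherwise a short reason
  # for blocking it. `allowlist` holds IP or CIDR strings an administrator has
  # explicitly permitted, which bypass the local-network restriction entirely.
  def self.blocked_reason(ip_string, allow_local_network: true, allowlist: [])
    ip = IPAddr.new(ip_string)

    # Administrator allowlist wins, mirroring the "add it explicitly" escape hatch.
    return nil if allowlist.any? { |entry| IPAddr.new(entry).include?(ip) }

    # With local network access permitted, none of the checks below apply.
    return nil if allow_local_network

    return 'limited broadcast address' if limited_broadcast?(ip)
    return 'local network address' if LOCAL_NETWORKS.any? { |net| net.include?(ip) }

    nil
  rescue IPAddr::InvalidAddressError
    # A destination that is not an IP literal cannot be vetted here; refuse it.
    'not a valid IP address'
  end
end
```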