Allow access to `/-/metrics` `/-/liveness` `/-/readyness` without token when client matches whitelist

When accessing /-/metrics /-/liveness /-/readyness remove the need for token when client ip matches a white list.

Current token access has following benefits:

• provides good protection out of the box, as even in Gitlab installed they will still be protected
• allows dynamic/shared ips to be able to access token protected resources
• can be easily revoked, quickly stopping unauthorized access.

However it has some downsides as well:

• requires the need to handle the token in automation tools like Chef to be able configure monitoring tools properly
• when token is changed all local monitoring tools will stop working

So to maintain the current benefits and mitigate the downsides. A IP whitelist allowing token-less access populated with defaults like: '[ /127../, /192.168../ ]' would take the best of both worlds.

/cc: @bjk-gitlab @joshlambert