patroni allowlist support

Patroni 2.1.0 added support for allowlist and allowlist_include_members for limiting access to the restapi to specific ip/ipranges https://patroni.readthedocs.io/en/latest/SETTINGS.html#rest-api

We should add this support to omnibus, and document its use in our patroni and reference architecture docs similar to how we have the postgres trusted addresses.