
RPC HTTP: Add a safer default ACL.

Context

Following !2942 (merged), which introduced ACLs for the tezos-node RPC, this MR changes the default policy so that, for hostnames other than localhost, it only exposes the endpoints that either:

  • can't be abused to harm the node or
  • are absolutely necessary for the node to be usable to clients (allowing them to make use of their Tez).

On the localhost listening address, all endpoints remain open. The default policy can also be changed by editing the config.

The default ACL is a whitelist enumerating all safe endpoints. That means that from now on most new RPC endpoints will be blocked by default for external clients and must be explicitly enabled (or the default ACL must be updated). Thanks to @vbotbol, @pirbo and the P2P team, who helped me create this list. It should be roughly complete, but there are some controversies:

  • PATCH /chains/*
  • GET /chains/*/invalid_blocks/*

Are these safe? Are they necessary?
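An executable model of the policy described above, added here as an illustration and not code from the tezos-node MR itself: localhost keeps every endpoint, any other listening address gets a default-deny whitelist, and the two questioned endpoints are included so their effect is visible. The wildcard semantics (`*` one path segment, `**` the rest), the other whitelist entries and the sample requests are assumptions.

```python
# Constructed model of the MR's policy: a whitelist applied to every listening
# address except localhost, which keeps all endpoints open. Patterns are
# assumptions for illustration, apart from the two endpoints the MR asks about.
DEFAULT_WHITELIST = [
    "GET /chains/*/blocks/**",
    "POST /injection/operation",
    "PATCH /chains/*",                   # questioned in the MR
    "GET /chains/*/invalid_blocks/*",    # questioned in the MR
]
LOCALHOSTS = {"localhost", "127.0.0.1", "::1"}

def segment_match(pattern: str, path: str) -> bool:
    """Assumed wildcard semantics: '*' matches exactly one path segment,
    '**' matches zero or more remaining segments."""
    pat = [p for p in pattern.split("/") if p]
    seg = [s for s in path.split("/") if s]
    for i, p in enumerate(pat):
        if p == "**":
            return True
        if i >= len(seg) or (p != "*" and p != seg[i]):
            return False
    return len(pat) == len(seg)

def allowed(listen_host: str, method: str, path: str,
            whitelist=DEFAULT_WHITELIST) -> bool:
    """True if the request is served on this listening address."""
    if listen_host in LOCALHOSTS:
        return True                      # localhost: everything stays open
    for entry in whitelist:
        pat_method, pat_path = entry.split(" ", 1)
        if pat_method == method and segment_match(pat_path, path):
            return True
    return False                         # default-deny for external clients

def blocked_endpoints(listen_host, requests, whitelist=DEFAULT_WHITELIST):
    """Requests the ACL would reject: the programmatic counterpart of the MR's
    manual test (drive the node with tezos-client, watch what gets blocked)."""
    return [r for r in requests if not allowed(listen_host, *r, whitelist)]

# Constructed sample of requests a wallet-style client might issue.
SAMPLE_REQUESTS = [
    ("GET", "/chains/main/blocks/head/header"),
    ("POST", "/injection/operation"),
    ("PATCH", "/chains/main"),
    ("GET", "/chains/main/invalid_blocks/BLOCK_HASH_PLACEHOLDER"),
    ("GET", "/network/peers"),                            # node internals
    ("GET", "/chains/main/mempool/pending_operations"),   # not whitelisted here
]
```

Running `blocked_endpoints("0.0.0.0", SAMPLE_REQUESTS)` lists the two requests an external client would lose under this whitelist, while the same call for `"127.0.0.1"` returns nothing.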

Manually testing the MR

Launch the node and try making some transactions using tezos-client. If any of them gets blocked, that probably means some more endpoints should be opened.

Checklist

  • Document the interface of any function added or modified (see the coding guidelines)
  • Provide automatic testing (see the testing guide).
  • For new features and bug fixes, add an item in the appropriate changelog (docs/protocols/alpha.rst for the protocol and the environment, the Development Version section of CHANGES.md for everything else).
  • Select suitable reviewers using the Reviewers field below.
Edited by Sventimir
