refactor and fix reverse proxy IP fetch routines
The plan is to extract the logic so that we can log IP addresses in failed requests in #117.
In doing so, I found a flaw in how the rate limiter worked that allowed an attacker to inject fake IP addresses in the X-Forwarded-For header, allowing rate limiting bypass or denial of service of arbitrary addresses as well. That should be fixed.
The request of logging originating IP addresses (#117) is not actually fixed here, because while trying to address that I realized that where we're logging those failures is in the webhook callbacks, and there the request client is not the user, but the payment processor.
So we somehow need to either keep track of the client IP address to restore it when we get that webhook response (ewww) or take that IP address from the webhook data in the first place.
I'm less familiar with that part of the process, so I'll again defer that to later code.
Splitting that code up in a different function still feels useful though, because now we have it unit-tested.