feat: Add environment variable to bypass NoInternalIP rule for specific webhook hosts #1122

Merged
daveearley merged 4 commits into HiEventsDev:develop from MineTech13:develop
Mar 25, 2026

@MineTech13
Contributor

Context & Problem:
The recent security enhancements introduced the NoInternalIP rule for webhooks. While this provides necessary security improvements, it limits deployments that intentionally route webhooks to internal services on the same network, such as self-hosted local bots.

Proposed Solution:
This PR adds a configuration option to explicitly whitelist specific internal hosts or IP addresses, allowing them to bypass the NoInternalIP restriction.

Changes Included:

  • Introduced a new environment variable (e.g., APP_ALLOWED_INTERNAL_WEBHOOK_HOSTS) that accepts a comma-separated list of hosts or IPs.
  • Updated the NoInternalIP validation rule to check against this variable. If a match is found, the restriction is skipped for that specific target.
  • The default security posture is preserved: if the environment variable is left unconfigured, the strict NoInternalIP rule applies to all internal addresses.

Testing:

  • Verified that external IPs process correctly.
  • Verified that internal IPs are blocked when the environment variable is absent.
  • Verified that internal IPs process correctly when explicitly added to the environment variable.

Checklist

  • I have read the contributing guidelines.
  • My code is of good quality and follows the coding standards of the project.
  • I have tested my changes, and they work as expected.

I have read the CLA Document and I hereby sign the CLA
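
Added example, not part of the pull request or the project's code: a Python model of the check the description outlines, with an unset variable keeping the strict rule and an allowlist entry bypassing it only on an exact host match. The function names, the exact-match and normalization behaviour, passing resolved addresses in as an argument, and the sample hosts are assumptions made for illustration; only the variable name comes from the description.

```python
import ipaddress

ENV_VAR = "APP_ALLOWED_INTERNAL_WEBHOOK_HOSTS"  # name taken from the PR description


def normalize_host(host):
    """Lower-case; strip whitespace, a trailing dot and IPv6 brackets."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    try:
        # Canonical IP text, so "::1" and "0:0:0:0:0:0:0:1" compare equal.
        return str(ipaddress.ip_address(host))
    except ValueError:
        return host  # not an IP literal: keep the hostname


def parse_allowlist(raw):
    """Comma-separated hosts/IPs; unset or empty means an empty allowlist."""
    if not raw:
        return frozenset()
    return frozenset(normalize_host(h) for h in raw.split(",") if h.strip())


def is_internal_ip(addr):
    """Treat every non-global address (private, loopback, link-local) as internal."""
    return not ipaddress.ip_address(addr).is_global


def webhook_host_allowed(host, resolved_ips, raw_allowlist=None):
    """Decide whether a webhook may be sent to `host`.

    resolved_ips: addresses the caller's DNS lookup returned for `host`
    (assumption: resolution happens outside, so the example runs offline).
    raw_allowlist: the value of ENV_VAR, or None when it is not set.
    """
    if normalize_host(host) in parse_allowlist(raw_allowlist):
        return True  # exact match only: no suffix or substring matching
    if not resolved_ips:
        return False  # nothing to validate: fail closed
    return not any(is_internal_ip(ip) for ip in resolved_ips)


if __name__ == "__main__":
    # Constructed sample values.
    allow = "bot.internal, 10.0.0.9"
    for h, ips in [("bot.internal", ["10.0.0.5"]), ("notbot.internal", ["10.0.0.5"])]:
        print(h, webhook_host_allowed(h, ips, allow))
```

An allowlisted hostname is trusted for whatever address it resolves to, so entries are best limited to names whose DNS records the operator controls, or to literal IPs.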

@github-actions
Contributor

github-actions bot commented Mar 23, 2026

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@MineTech13
Contributor Author

I have read the CLA Document and I hereby sign the CLA

@novotnymiro

Thanks @MineTech13, we are also facing this issue, as this validation currently blocks our deployment. We are sending webhooks via the internal network.

@daveearley
Contributor

Thanks for this addition @MineTech13!

@daveearley daveearley merged commit 65e0e4e into HiEventsDev:develop Mar 25, 2026
4 of 5 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Mar 25, 2026