VC_ALLOWED_HOSTS default should not be *

[pombredanne]

In https://github.com/nexB/vulnerablecode/blob/87ffa8109e4f5dcb22b4c8d71eaf1711c82068d7/vulnerablecode/settings.py#L31 we should not default VC_ALLOWED_HOSTS to * but rather to 127.0.0.1 or localhost

[Hritik14]

This code was introduced by #404. Is this even required ?
@tardyp

In my case, I am deploying vulnerablecode via docker in a kubernetes cluster, so I would prefer to have a default configuration which does not require to modify the app code

Django already ships with DJANGO_SETTINGS_MODULE environment variable which could allow to alter not one but any of the settings variable for the docker image.

Also, what does the VC stand for ? Splitting hosts by a : is not a standard behavior either.