Security: Proxy binds to 0.0.0.0 in strong jail mode #31

@ammario

Description

Issue

The proxy currently binds to 0.0.0.0 (all interfaces) when running in strong jail mode to be accessible from the veth interface. This potentially exposes the proxy ports to external networks, which is a security concern.

Current Behavior

In src/main.rs, the proxy binding is determined as:

let bind_address = if args.weak || args.server {
    None // defaults to 127.0.0.1
} else {
    Some([0, 0, 0, 0]) // bind to all interfaces for strong jail
};

Desired Behavior

The proxy should bind only to the specific veth host IP address (e.g., 10.99.X.1) that is computed during jail setup. This would ensure the proxy is only accessible from within the jail's network namespace and not from external interfaces.

Implementation Notes

  1. The jail computes a unique subnet for each jail (e.g., 10.99.36.0/30)
  2. The host side of the veth pair gets .1 (e.g., 10.99.36.1)
  3. This IP is stored in LinuxJail.host_ip
  4. Need to pass this IP from the jail setup to the proxy initialization
  5. The proxy should bind specifically to this IP instead of 0.0.0.0
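The following is an added example of how the bind decision could take the veth host IP from jail setup, written for this issue and not taken from the project's code; `Args`, `proxy_bind_ip` and `bind_proxy` are hypothetical names, and 10.99.36.1 is the page's own sample address.

```rust
use std::io::{Error, ErrorKind};
use std::net::{IpAddr, Ipv4Addr, SocketAddr, TcpListener};

/// Hypothetical stand-in for the CLI flags the issue refers to (assumption).
pub struct Args {
    pub weak: bool,
    pub server: bool,
}

/// Decide the proxy bind address. `host_ip` is the jail's veth host address
/// (LinuxJail.host_ip on the page), handed over from jail setup instead of
/// falling back to 0.0.0.0 in strong jail mode.
pub fn proxy_bind_ip(args: &Args, host_ip: Option<Ipv4Addr>) -> Result<Ipv4Addr, String> {
    if args.weak || args.server {
        // weak/server mode: loopback only, as before
        return Ok(Ipv4Addr::LOCALHOST);
    }
    match host_ip {
        // strong jail: reachable only via the veth host address
        Some(ip) if !ip.is_unspecified() => Ok(ip),
        Some(ip) => Err(format!("refusing to bind proxy to unspecified address {ip}")),
        None => Err("strong jail mode needs the veth host IP before the proxy starts".to_string()),
    }
}

/// Bind the listener and confirm, from the kernel-reported local address,
/// that it is not listening on all interfaces.
pub fn bind_proxy(ip: Ipv4Addr, port: u16) -> std::io::Result<TcpListener> {
    let listener = TcpListener::bind(SocketAddr::new(IpAddr::V4(ip), port))?;
    if listener.local_addr()?.ip().is_unspecified() {
        return Err(Error::new(ErrorKind::Other, "proxy bound to 0.0.0.0; aborting"));
    }
    Ok(listener)
}

fn main() {
    let strong = Args { weak: false, server: false };
    // constructed sample: host side of a 10.99.36.0/30 jail subnet
    let host_ip = Some(Ipv4Addr::new(10, 99, 36, 1));
    println!("strong jail bind address: {:?}", proxy_bind_ip(&strong, host_ip));
    // loopback bind so the demo runs on a host without a jail veth present
    match bind_proxy(Ipv4Addr::LOCALHOST, 0) {
        Ok(l) => println!("listening on {}", l.local_addr().unwrap()),
        Err(e) => println!("bind failed: {e}"),
    }
}
```

Binding to the veth address only succeeds once the veth pair is up, so the proxy must be started after jail network setup has assigned .1 to the host side.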

Security Impact

  • Current: Proxy ports are exposed on all network interfaces
  • Proposed: Proxy ports only accessible from the jail's veth interface

This change would significantly reduce the attack surface by ensuring the proxy is not accidentally exposed to external networks.
