Implement custom DNS resolver

[dani-garcia]

The goal of this change is to protect us more thoroughly against DNS rebinding attacks and redirects in the icons service, previously we did a manual lookup check before doing the initial HTTP request, which would leave us vulnerable, by inserting a middleware DNS resolver into reqwest we should be protected against all cases.

Also I noticed that with the hickory-resolver crate we can enable DNS over TLS and DNS over HTTPS, which seems like a great option, but we'd need to test further.

Also moved the is_global_ip functions to utils, because it was crowding the already big icons file.

[BlackDex]

Other then the missing cached proc-macro it looks ok too me.
I tested it with DDoSing the Favicon endpoint, that seems to work ok.

I also did a longer test which test around 300 domains (including some duplicates with/without redirects). These all seem to work as on the current code.

[BlackDex]

Did some further testing and seems to work fine.
I only wonder if we do not want to have this custom resolver as a default for everything.
It can also be useful for the calls to HIBP, Bitwarden Push, Calls to DUO or YubiKey OTP.

Other than that, it's all good.

[PKizzle]

I just had a brief look at the PR so maybe I missed it but is it possible to disable this feature in the configuration? I am already using a custom secure DNS solution and rather use that one as it gives me a more fine-grain control.

[BlackDex]

I just had a brief look at the PR so maybe I missed it but is it possible to disable this feature in the configuration? I am already using a custom secure DNS solution and rather use that one as it gives me a more fine-grain control.

It still uses the DNS servers provided by the host, so no need i think.