mtop 1.1.2

Hardening, most of it picked up from @tiberiuichim's fork — thanks.

• The proxy stops buffering after 1 MiB while looking for the final chunk, so a misbehaving server can't grow memory without bound. Responses past that size still reach the client in full, they just don't get counted.
• Values from ~/.mtop.conf no longer pass through the process environment, where child processes like nvidia-smi could see them.
• Binding the proxy to anything beyond loopback now prints a warning: traffic through it is plain http, and prompts ride on it.
• golang.org/x/text was pinned to a 2022 version with known CVEs; now current.
• The response tap moved from ModifyResponse to a RoundTripper, which also drops the deprecated Director hook.