mtop 1.1.3
Closes a hole in the request proxy.
It forwards everything to Ollama, and that includes the endpoints that delete or pull models. A browser tab can reach 127.0.0.1, so a page you have open could hit the proxy and drive that API without you knowing, and use DNS rebinding to read the responses back. The proxy now only answers loopback callers and rejects anything carrying a cross-origin Origin header. Normal Ollama clients and SDKs don't send that header, so nothing changes for them.
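A sketch of the kind of check described above, written in Go as an added example; it is not mtop's own code, and the names `isLoopback`, `allowed` and `guard`, the port 8080 and the sample hostnames are constructed for illustration. The Host header check is an addition of this example that the release note does not mention; it is the usual way to refuse requests that arrive under a rebound DNS name.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// isLoopback reports whether host or host:port names the loopback interface.
func isLoopback(hostport string) bool {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil {
		host = hostport // no port present
	}
	host = strings.Trim(host, "[]")
	ip := net.ParseIP(host)
	return strings.EqualFold(host, "localhost") || (ip != nil && ip.IsLoopback())
}

// allowed checks peer address, Host (this example's assumption) and Origin.
func allowed(remote, host, origin string) bool {
	if !isLoopback(remote) || !isLoopback(host) {
		return false
	}
	if origin == "" { // CLI clients and SDKs send no Origin
		return true
	}
	u, err := url.Parse(origin) // sent by a browser: must be the proxy's own origin
	return err == nil && strings.EqualFold(u.Host, host)
}

// guard (hypothetical name) wraps the proxy handler with the check.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowed(r.RemoteAddr, r.Host, r.Header.Get("Origin")) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed inputs: SDK call, cross-origin page, rebound hostname.
	fmt.Println(allowed("127.0.0.1:5000", "127.0.0.1:8080", ""))
	fmt.Println(allowed("127.0.0.1:5000", "127.0.0.1:8080", "https://site.example"))
	fmt.Println(allowed("127.0.0.1:5000", "rebound.example:8080", ""))
}
```

A request with `Origin: null` (sandboxed frames, some redirects) parses to an empty host and is rejected along with every other non-matching origin.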
While in there:
- /metrics was building its per-model rows and its percentiles from two separate reads, so under load they could disagree. One read now.
- the footer still said "proxy on ..." when started with -no-proxy.
- the 1 MiB cap on stream reads wasn't applied to the final flush.