bad things happen when gateway IPs are not whitelisted from limiting/throttling #197

Closed
slingamn opened this issue Feb 20, 2018 · 1 comment

@slingamn
Member

@prawnsalad reported problems while testing kiwiirc/webircgateway against oragono: eventually the connection limiter would deny new connections from the gateway, despite the old connections having been closed.

Proposed diagnosis:

  1. If the gateway IP is not whitelisted, a connection is recorded from the gateway IP during the initial connection establishment: https://github.com/oragono/oragono/blob/25f8b15232557e82b6d74bc28efdc3e7d617e86d/irc/server.go#L285
  2. Once PROXY / WEBIRC is issued, a connection is recorded from the real IP as well: https://github.com/oragono/oragono/blob/25f8b15232557e82b6d74bc28efdc3e7d617e86d/irc/gateways.go#L71
  3. When the client disconnects, only the second entry is cleaned up: https://github.com/oragono/oragono/blob/25f8b15232557e82b6d74bc28efdc3e7d617e86d/irc/client.go#L664
  4. Eventually, the limit for the gateway IP is reached and further connections are denied

We never hit this in testing because we've always done proxying over whitelisted IPs, specifically loopback.

Possible fixes:

  1. Clean up the gateway's limiter entry during PROXY / WEBIRC processing
  2. Document that any gateway IPs should be whitelisted
  3. Automatically add any IPs / CIDRs referenced in the proxy or webirc blocks to the whitelists
slingamn added a commit to slingamn/ergo that referenced this issue Feb 27, 2018
See ergochat#197 (this is not a complete fix, though).
@slingamn
Member Author

It's cheap and easy enough to add a RemoveClient(oldIP) call when applying the proxied IP; we should just do that.

However, this is not a substitute for whitelisting the gateway because in the window between initial connection and accepting the proxy line, the gateway's connection limit can fill up, which will result in further connections being rejected.

@slingamn slingamn added this to the v1.2 milestone May 17, 2019
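
The leak diagnosed in this issue and the RemoveClient(oldIP) fix from the comment above, as an added Go example that is not oragono's code. The `Limiter` type, `NewLimiter`, `AddClient` and `Accepted` are hypothetical names, and the IP addresses are constructed documentation addresses.

```go
package main

import "fmt"

// Limiter is a toy per-IP connection counter (hypothetical, not oragono's type).
type Limiter struct {
	max    int
	counts map[string]int
	exempt map[string]bool // whitelisted IPs are never counted
}

func NewLimiter(max int, exempt map[string]bool) *Limiter {
	return &Limiter{max: max, counts: map[string]int{}, exempt: exempt}
}

func (l *Limiter) AddClient(ip string) bool {
	if l.exempt[ip] {
		return true
	}
	if l.counts[ip] >= l.max {
		return false
	}
	l.counts[ip]++
	return true
}

func (l *Limiter) RemoveClient(ip string) {
	if l.counts[ip] > 0 {
		l.counts[ip]--
	}
}

// Accepted runs n sequential gateway sessions; releaseOld applies RemoveClient(oldIP).
func Accepted(l *Limiter, gw string, n int, releaseOld bool) int {
	ok := 0
	for i := 0; i < n && l.AddClient(gw); i++ { // 1: counted under the gateway IP
		clientIP := fmt.Sprintf("198.51.100.%d", i+1) // constructed addresses
		if releaseOld {
			l.RemoveClient(gw) // proposed fix: drop the gateway's entry here
		}
		l.AddClient(clientIP)    // 2: PROXY / WEBIRC records the real IP
		l.RemoveClient(clientIP) // 3: disconnect cleans up only the real IP
		ok++
	}
	return ok
}

func main() {
	fmt.Println(Accepted(NewLimiter(3, nil), "192.0.2.10", 10, false), Accepted(NewLimiter(3, nil), "192.0.2.10", 10, true)) // prints: 3 10
}
```

Calling `AddClient` for the gateway address four times on a fresh `NewLimiter(3, nil)`, with no proxy line in between, rejects the fourth connection even with the fix, which is the window the comment describes; exempting the gateway address removes it.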