feat: apply some middlewares before configureServer hook

[sapphi-red]

Description

This PR moves four middlewares to be applied before configureServer hook. The four middlewares are:

• timeMiddleware
  • so that the time taken by middlewares injected by configureServer hook is included in the log
• rejectInvalidRequestMiddleware
  • so that middlewares injected by configureSerever hook does not have to care whether req.url includes # or not
    • normally middlewares have to take care of that theirselves so this is not important in that term.
  • the main reason is for consistency between normal middlewares and post-injected middlewares
• corsMiddleware
  • normally midddlewares would expect the CORS settings applied in the options to be applied for the requests handled by the injected middlewares
  • there could be a case that a plugin wasn't expecting CORS headers to be applied
    • in that case, they can opt out by calling res.removeHeader('Access-Control-Allow-Origin')
• hostValidationMiddleware
  • so that middlewares injected by configureSerever hook does not have to care about DNS rebinding attacks

These checks are currently not the responsibility of Vite, but I think it's better to include them.

[sapphi-red]

/ecosystem-ci run

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/vite@20222

commit: 6e4220a

[vite-ecosystem-ci]

📝 Ran ecosystem CI on 6e4220a: Open

suite	result	latest scheduled
histoire	❌ failure	❌ failure
react-router	❌ failure	❌ failure
vike	❌ failure	❌ failure
vite-plugin-cloudflare	❌ failure	❌ failure
one	❌ failure	❌ failure
waku	❌ failure	❌ failure
vite-rsc	❌ failure	❌ failure

✅ analogjs, astro, ladle, laravel, marko, qwik, storybook, sveltekit, rakkas, vite-plugin-react, unocss, vite-environment-examples, vuepress, vite-plugin-pwa, vite-plugin-vue, nuxt, vite-setup-catalogue, quasar, vite-plugin-svelte, vitest, vitepress

[patak-dev]

Sounds good to me. I don't think there will be a better chance to apply this chance later on.