fix(router): ensure Traefik dashboard port is always bound to localhost

[JUVOJustin]

Currently, the traefik dashboard is exposed with port 10999 to be publically accessible if router_bind_all_interfaces=true. This can leak information when ddev is used for public hosting.

How This PR Solves The Issue

The PR binds the port only to localhost.

Manual Testing Instructions

• Clone branch
• make
• router_bind_all_interfaces=true globally
• Make sure ddev hostname is not locally resolved to localhost
• Try accessing http://my-domain.ddev.site:10999

I also installed this dev branch on my public host machine and validated that the port is actually not exposed to the public anymore.

Automated Testing Overview

The new test checks the port binding in the docker composer and tries if the dashboard can still be accessed locally.

Release/Deployment Notes

No breaking changes as far as i can tell. The traefik rest api can still be accessed from the host. curl 127.0.0.1:10999/api/version would still work.

[github-actions]

Download the artifacts for this pull request:

• all-ddev-executables.zip
• ddev-macos-amd64.zip
• ddev-macos-arm64.zip
• ddev-linux-arm64.zip
• ddev-linux-amd64.zip
• ddev-windows-amd64.zip
• ddev-windows-amd64-installer.zip
• ddev-windows-arm64.zip
• ddev-windows-arm64-installer.zip

See Testing a PR.

[rfay]

I tested this manually with both router-bind-all-interfaces=true and false, and it did the right thing. The code is right. I didn't carefully examine the test, but it looked right.

I tested access to the port(s) using telnet, and looked at ~/.ddev/.router-compose-full.yaml to confirm that it was right.

[stasadev]

Looks good to me.

[rfay]

@JUVOJustin I note that the Traefik dashboard can also be turned off in Traefik (It's enabled in ~/.ddev/traefik/.static_config.yaml).

api:
    dashboard: true
    insecure: true

Another useful approach would be to disable that completely on publicly accessible systems.