Support custom trusted header bitmasks

[matt-allan]

This PR adds support for custom bitmasks, which are necessary if your load balancer doesn't support all X-Forwarded-* headers and doesn't support the same subset of X-Forwarded-* headers that AWS ELB uses. I personally ran into this while using ngrok via valet share, which doesn't send HEADER_X_FORWARDED_PORT.

[fideloper]

Hi! I just wanted to let you know that this looks good on the surface. I'll likely pull it in when I have some extra time to test it out a bit more myself as well.

Thanks!

[fideloper]

Whoops, one more thing: Can you give an example of its usage? It looks like the test is an example, but I wanted to confirm that.

I'll use that to update the readme.md docs.

[matt-allan]

Great, thanks for the update.

RE: usage you would typically start with Request::HEADER_X_FORWARDED_ALL and use a bitwise xor to exclude the headers you do not want, i.e.

// all x-forwarded-* headers except for x-forwarded-port
Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_PORT
// all x-forwarded-* headers except for x-forwarded-host
Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST

Here's an example from Symfony.