rspamd: don't use secure_ip
We currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail services (eg. single-server), as addresses in secure_ip do not require a password. We should drop the use of secure_ip, and preferably switch to using unix sockets to talk to all rspamd daemons.
Also provide examples of how to configure reverse proxies to connect and authenticate (eg. add a Password header and use unix rather than tcp socket).