fix(proxy): skip detection pipeline for bypass CIDR IPs

Trusted IPs (localhost, pod network) now skip the entire DDoS/scanner/
rate-limit pipeline via early return. Fixes buildkitd pushes to Gitea
being blocked by the scanner when using host networking.

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>

tests/e2e.rs

@@ -108,7 +108,7 @@ fn start_proxy_once(backend_port: u16) {
         }];
         let acme_routes: AcmeRoutes = Arc::new(RwLock::new(HashMap::new()));
         let compiled_rewrites = SunbeamProxy::compile_rewrites(&routes);
-        let proxy = SunbeamProxy { routes, acme_routes, ddos_detector: None, scanner_detector: None, bot_allowlist: None, rate_limiter: None, compiled_rewrites, http_client: reqwest::Client::new() };
+        let proxy = SunbeamProxy { routes, acme_routes, ddos_detector: None, scanner_detector: None, bot_allowlist: None, rate_limiter: None, compiled_rewrites, http_client: reqwest::Client::new(), pipeline_bypass_cidrs: vec![] };
 
         let opt = Opt {
             upgrade: false,