Secure Settings interface against malicious users when exposing BirdNET-Go to internet

[tphakala]

The Settings UI contains some sensitive information, including potential user home locations (geo coordinates) and various tokens such as BirdWeather and OpenWeather. The settings interface should be hidden or secured from Internet users if the BirdNET-Go interface has been exposed to the Internet.

Potential implementation methods could include:

• Hiding the Settings menu and disabling routes if the client address is outside of the BirdNET-Go system's IP subnet
• Requiring authentication to access the Settings menu if the client address is outside of the BirdNET-Go system's IP subnet

Alternative methods for detecting Internet-originated requests could include:

• Checking for the presence of Cloudflare-added HTTP headers (Cloudflare tunnel adds headers to connections coming through the cloudflared tunnel)

Problems with password authentication:

Passwords should be protected against eavesdropping by implementing a TLS-secured connection, but this requires public CA-signed certificates, which could become complex. BirdNET-Go supports Echo framework's auto TLS, but it requires the use of an Internet-registered domain.