* feat(cli): restrict insecure unauthenticated server to loopback binds
Reject starting the server with --insecure and --without-password when
--address would bind outside loopback (including empty host / all
interfaces). Validate the actual listener after Listen so systemd socket
activation cannot bypass the check.
Add hidden --allow-extremely-dangerous-unauthenticated-server-on-the-network
to opt into the previous behavior for isolated environments.
Extract validation into internal/insecureserverbind with table-driven tests.
Add end-to-end smoke tests for rejection and escape hatch.
Co-authored-by: Cursor <cursoragent@cursor.com>
* Update internal/insecureserverbind/insecureserverbind.go
Co-authored-by: Julio López <1953782+julio-lopez@users.noreply.github.com>
* pr feedback
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Julio López <1953782+julio-lopez@users.noreply.github.com>
