Allow configuring ingress proxy hostname ACLs #2023

@eleftherias

Problem

When network isolation is enabled on an MCP server, the ingress proxy blocks connections from other containers using host.docker.internal with HTTP 403 Access Denied. This prevents container-to-container communication between MCP servers when network isolation is enabled on the destination.

The ingress proxy configuration in writeIngressProxyConfig is hardcoded to only allow:

  • The container's own hostname
  • localhost
  • 127.0.0.1

There's currently no way for users to configure additional allowed hostnames for the ingress proxy.

Use Case

Users need to enable network isolation on MCP servers for security while still allowing communication between containers.

Proposed Solution

Add configuration options to allow users to specify additional hostnames/domains that the ingress proxy should accept through permission profile extension:

{
  "network": {
    "inbound": {
      "allow_host": ["host.docker.internal", "*.internal"]
    }
  }
}

After implementing this feature:

  1. Users can configure additional allowed hostnames for ingress traffic
  2. Container-to-container communication works with network isolation enabled
  3. Security is maintained - only explicitly allowed hostnames are permitted
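
As an added example (not the project's own code, which this issue does not show), a Go Host-header allow-list that merges the three hardcoded defaults with a configured `allow_host` list, including wildcard entries such as `*.internal`; the type and field names, the port-stripping behaviour and the subdomain-only wildcard rule are assumptions.

```go
package main

import (
	"net"
	"strings"
)

// HostACL is an allow-list for inbound Host headers. Added example, not the
// project's code; the "*.suffix" matching rule below is an assumption.
type HostACL struct {
	exact    map[string]struct{} // e.g. "localhost", "host.docker.internal"
	suffixes []string            // "*.internal" is stored as ".internal"
}

// NewHostACL combines the hardcoded defaults (the container's own hostname,
// localhost, 127.0.0.1) with the configured allow_host entries.
func NewHostACL(containerHostname string, allowHost []string) *HostACL {
	acl := &HostACL{exact: map[string]struct{}{}}
	for _, h := range append([]string{containerHostname, "localhost", "127.0.0.1"}, allowHost...) {
		h = strings.ToLower(strings.TrimSpace(h))
		if strings.HasPrefix(h, "*.") {
			acl.suffixes = append(acl.suffixes, h[1:]) // keep the leading dot
		} else if h != "" {
			acl.exact[h] = struct{}{}
		}
	}
	return acl
}

// Allowed reports whether a Host header value passes the ACL. A wildcard
// entry matches subdomains only: "*.internal" admits "a.internal", not "internal".
func (a *HostACL) Allowed(hostHeader string) bool {
	// Lowercase and strip an optional port; SplitHostPort also unwraps "[::1]:8080".
	host := strings.ToLower(strings.TrimSpace(hostHeader))
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	} else {
		host = strings.Trim(host, "[]")
	}
	if _, ok := a.exact[host]; ok {
		return true
	}
	for _, s := range a.suffixes {
		if len(host) > len(s) && strings.HasSuffix(host, s) {
			return true
		}
	}
	return false
}
```

A proxy would call `Allowed(r.Host)` before forwarding and answer 403 on a false result, which is the behaviour the issue describes for non-matching hosts.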
