Add optional port restriction for /metrics endpoint

[nohwnd]

I would like to restrict metrics to be only accessible inside of Kubernetes cluster and not outside. One way to do this is to setup authentication and authorization for the metrics endpoint, but that adds unnecessary management overhead.

A simpler way to do this is to expose the metrics only on port that is reachable within the cluster and not outside. This PR adds such filter by checking the port in the incoming request and returning 404 if it does not match.

An example usage in the default ASP.NET Core 2.2 app with https redirection:

## file Startup.cs
# put this before the https redirection (and also before authentication)
# use the new Port property on the options to specify the port to filter to
app.UsePrometheusServer(o => o.Port = 5005);
app.UseHttpsRedirection();
app.UseMvc();

## file Program.cs
# specify default and our monitoring ports to listen on
WebHost.CreateDefaultBuilder(args)
                .UseUrls(
                    "http://*:5000",
                    "https://*:5001",
                    "http://*:5005")
                .UseStartup<Startup>();
    }

To test this with the standard app you can run those queries. (e.g. via VSCode rest client)

# returns metrics
GET http://localhost:5005/metrics

###

# returns 404
GET https://localhost:5001/metrics

###

# returns 404
GET http://localhost:5000/metrics

### 

# returns values
GET https://localhost:5001/api/values

###

# returns 307 redirect to https 
# and then values
GET http://localhost:5000/api/values

###

# accessing the rest of the api via the monitoring port
# is not restricted so this alse returns 307 redirect to https 
# and then values
GET http://localhost:5005/api/values

[nohwnd]

I need to find a better mechanism for determining the port. This implementation apparently takes it from Host header and that is easily falsifiable. So instead I need to get the real port this request was bound to. I hope that is possible.

GET https://localhost:5001/metrics
Host: localhost:5005

[nohwnd]

The real port is exposed by Connection, so it is all fixed now.

[phnx47]

It is middleware. Use for all urls.

If you want to change use only one url and port, you need use special endpoint:
https://github.com/PrometheusClientNet/Prometheus.Client.MetricServer

[phnx47]

Example: https://github.com/PrometheusClientNet/Prometheus.Client.Examples/blob/master/MetricServer/CoreConsoleMetricServer_2.0/Program.cs

[nohwnd]

Well that was harsh.

The middleware registration method already makes the basic setup simple. And this would be another step in that direction. The pattern of exposing the main functionality and maintenance functionality on different ports is used often in docker images and this would make it easy to do, without adding any overhead.

[phnx47]

I will think about this functional. But, I think we need use 'MapWhen'. Just return 'NotFound' is not Production ready

[nohwnd]

I am already doing it with MapWhen in my project to emulate this functionality I just did not want to change too much in this PR. I can rewrite it easily if you'd consider merging it :)

[phnx47]

@nohwnd I would like to review and test it.

[nohwnd]

Sure. I will update the PR tomorrow.

[phnx47]

Ok, I'm waiting update

[phnx47]

Good! I will test and publish it.