Consider whether to expose php-fpm status endpoint, and if so, how to restrict

php-fpm's /status endpoint could be useful for monitoring and/or as a healthcheck with docker/k8s, but might potentially leak information, so might want to avoid making it available beyond the local network.