Add config.hosts and config.host_authorization to new app templates (rails#47447)

5c830a8 adds an "/up" endpoint to help LB and uptime monitors.
DNS rebindings sometimes get in the way of it. Suggesting settings for both `hosts`
and` host_authorization` help reduce this friction.

Author: intrip

railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt

@@ -100,4 +100,12 @@ Rails.application.configure do
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
   <%- end -%>
+
+  # Enable DNS rebinding protection and other `Host` header attacks.
+  # config.hosts = [
+  #   "example.com",     # Allow requests from example.com
+  #   /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
+  # ]
+  # Skip DNS rebinding protection for the default health check endpoint.
+  # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
 end