Fix trusted proxy ping source detection

[frederickbaier]

Why

A local SimpleCloud/system ping is used to read the real player count for the current proxy. The previous detection only compared the remote ping address with InetAddress.getLocalHost(), which misses valid internal bindings such as 192.168.102.10. When that detection fails, the MOTD slot/player-count rewriting is applied to the internal ping response, so the cloud sees the combined proxy count as if it belonged to each proxy. In multi-proxy setups this can make the network appear full too early and prevent joins.

What changed

• Added a shared TrustedPingSourceMatcher used by both Velocity and BungeeCord ping listeners.
• Treats loopback addresses and addresses assigned to local network interfaces as trusted automatically.
• Added optional trusted-ping-sources config entries supporting exact IPs and CIDR ranges for deployments where another trusted internal host performs the ping.
• Kept the default config value empty, so existing configs remain valid and behavior is backward compatible aside from correctly recognizing more local/internal self-pings.
• Existing /scproxy reload behavior can pick up changed trusted source entries because listeners read the config through the existing config provider.

Compatibility

This is intentionally additive:

• Existing config files do not need to be changed.
• Existing loopback/self-ping behavior still works.
• Public player pings still receive the configured MOTD player-list, slot, and version-name behavior unless their source is local or explicitly trusted.

Verification

• sh gradlew build