Web Push gateway broken with some push provider #419
Description
This issue was originally created by @p1gp1g at matrix-org/sygnal#419.
Currently, hydrogen push notifications don't work if we don't use an explicitly allowed push service.
This is because sygnal has an allow-list of authorized push service. I guess this allow list has been added to avoid any kind of SSRF. Therefore a better solution would be to deny requests to private IPs for non-explicitly allowed push servers.
A random example from another project (there are other examples): https://github.com/discourse/discourse/blob/main/lib/final_destination/ssrf_detector.rb