Disable Sinatra's host_authorization by default #39

@postmodern

Sinatra enables host_authorization in development mode by default. This can cause issues when testing apps, sending requests with no Host: header, sending requests with a different Host: header than localhost, 0.0.0.0, etc. It might be safer to disable host_authorization by default.

If users wish to re-enable host_authorization, simply set host_authorization with permitted_hosts:

```ruby
set :host_authorization, {permitted_hosts: %w[...]}
```
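Added illustration, not part of the issue and not the code of Sinatra or rack-protection: a simplified Rack-style Host allowlist showing why requests with a missing or unexpected Host: header are rejected once a permitted-hosts list is enforced. The class name, the matching rules (a leading dot covers subdomains, IPAddr entries match IP literals) and the `example.test` values are assumptions of this sketch.

```ruby
require 'ipaddr'

# Simplified Host allowlist as Rack-style middleware. Illustration only:
# not the code of Sinatra or rack-protection. Matching rules are assumptions.
class HostAllowlist
  def initialize(app, permitted_hosts:)
    @app = app
    @permitted = permitted_hosts
  end

  def call(env)
    host = normalize(env['HTTP_HOST'])
    return @app.call(env) if host && permitted?(host)
    [403, { 'content-type' => 'text/plain' }, ['Host not permitted']]
  end

  private

  # Lowercase, drop the port and IPv6 brackets; missing/empty header => nil.
  def normalize(header)
    value = header.to_s.strip.downcase
    return nil if value.empty?
    value.start_with?('[') ? value[/\A\[([^\]]+)\]/, 1] : value.sub(/:\d+\z/, '')
  end

  def permitted?(host)
    @permitted.any? do |entry|
      case entry
      when IPAddr then ip_in_range?(entry, host)
      when /\A\./ then host == entry[1..-1] || host.end_with?(entry)
      else host == entry
      end
    end
  end

  def ip_in_range?(range, host)
    range.include?(IPAddr.new(host))
  rescue IPAddr::Error
    false # host is a name, not an IP literal
  end
end

# Constructed sample setup: hostnames and ranges are placeholders.
APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
GUARD = HostAllowlist.new(APP, permitted_hosts: ['.example.test', IPAddr.new('127.0.0.0/8')])

def status_for(host_header)
  env = host_header.nil? ? {} : { 'HTTP_HOST' => host_header }
  GUARD.call(env).first
end
```

`status_for` returns the HTTP status the guard produces for a given Host: header value, with `nil` standing for a request that sends no Host: header at all.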

Labels: enhancement (New feature or request)