Add the MUNGE_OPT_ADDR_RESTRICTION context option to restrict credential decoding based on the origin IP address. While the local munged daemon prevents a credential from being replayed on that host, it does not protect against replay on a different host. This option would allow credential decoding to be restricted to a (presumably) unique IP address where a replay attack would be prevented by the local daemon.

This will require extending the credential format (#87).

This should support both IPv4 and IPv6 addresses (#21).