Forbid more non-resolving IP addresses for hosts

[gbrodman]

Reject loopback, link-local, site-local, wildcard, and multicast IP
addresses during host creation and update flows.

Glue records (A/AAAA records published in the parent zone for subordinate
name servers) must point to globally routable, public IP addresses to
ensure that recursive DNS resolvers on the public internet can reach the
authoritative name servers.

Using non-public or non-routable IP addresses in glue records is invalid
for the following reasons:

• Loopback (127.0.0.1, ::1) and Any-Local (0.0.0.0, ::) addresses point
  back to the client or are unspecified, causing resolvers to query
  themselves and fail.
• Private/Site-Local (e.g., 10.0.0.0/8, 192.168.0.0/16) and Link-Local
  (169.254.0.0/16) addresses are not routable on the public internet,
  rendering the delegated domain completely unreachable to external clients.
• Multicast addresses are designed for one-to-many delivery and cannot
  be used for standard unicast DNS queries to a specific name server.

Rename LoopbackIpNotValidForHostException to IpAddressNotRoutableException
to reflect the broader set of forbidden non-routable IP addresses.

---

This change is 

[CydeWeys]

@CydeWeys reviewed 3 files and all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on gbrodman).

[CydeWeys]

Commit description needs more information on why all these types of IP addresses are invalid for glue records.

@CydeWeys made 1 comment.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on gbrodman).

[gbrodman]

Done

@gbrodman made 1 comment.
Reviewable status: all files reviewed (commit messages unreviewed), all discussions resolved (waiting on gbrodman).