Add trusted_hosts for puppetmaster interfaces, bypass proxy requirement
#2121 added an requirement by default that permits access to puppetmaster interfaces if the connection has a trusted client SSL certificate and is from a registered smart proxy host.
It should also support a list of hosts to avoid the need for the proxy. Unsure whether this should bypass the SSL requirement or not.
fixes #2153 - add trusted_puppetmaster_hosts setting to permit puppetmaster access
Connections to fact + report upload and externalNodes will be permitted from
any host listed in the trusted_puppetmaster_hosts setting, bypassing the
requirement for a registered smart proxy.
Setting model updated to support empty arrays for values and defaults.