Add allowed hosts in config

[davidjr82]

Due to the latest security issue in the laravel framework, all projects that uses this package are exposed because:

• This package needs to be installed in production, it does not work with --dev.
• By default, the url to bypass the login screen is known
• By default, it enables the bypass in local environments.

@freekmurze wouldn't be a good idea to add a "allowed_hosts" as an array with 'localhost' by default, to prevent this kind of security issues?

[davidjr82]

Added pull request #42 to address it.