Make the remote IP parameter more generic and make it an enum
determining the source instead of a boolean. Also fix the
changelog entry.
Both as requested, I managed to miss those comments previously.
If known, let the auth server know where the client came
from, using REMOTE_ADDR or, optionally/configurably, the
X-Remote-Addr header value (which is needed when running
behind a trusted proxy.)
Addresses #1859.
