Add force_forwarded_ssl_header vhost/location option

This is a workaround for running an application behind two layers of reverse
proxies with the outer one terminating ssl. In this case the inner proxy
receives requests with plain http and sets X-Forwarded-Proto, X-Forwarded-Ssl
and X-Url-Scheme to "http", although the original requests used https. This
breaks some applications.

Ideally we would use a mechanism similar to real_ip_from and just forward the
proto/ssl/scheme headers if the request came from a trusted proxy, but this
workaround is much simpler.

defaults/main.yml

@@ -46,6 +46,7 @@ nginx_vhosts_defaults:
   hide_proxy_headers: {}
   backend: ~
   disallow_dotfiles: True
+  force_forwarded_ssl_header: False
 
 nginx_streams_defaults:
   listen: