Fix long standing bug in determining remote IP

Fix long standing bug in determining remote IP

The check was for is_behind_cache without the (), meaning it always
returned true, which in turn meant we trusted all x-forwarded-for
headers. It was pretty hard to get them into the system, and
we didn't actually use it for anything other than locking survey
submissions, so it's not a big problem.

However, the basic logic was also wrong, as it assumes that all
SSL connections terminate directly at the backend server, which is
not necessarily true anymore.

The new version of the function will trust an X-Forwarded-For as
long as it's set on one of our frontend servers, regardless of if
it's an encrypted connection or not.