feat: support use allow* multiple times in env, flag and docker labels

[qianlongzt]

I test env, flag and docker labels

SP_ALLOW_GET=/version3 SP_ALLOW_GET_aal=/version4 ./socket-proxy '-allowGET=/_ping' '-allowGET=/exec/.*' '-allowGET=/version'
time=2026-02-13T20:24:50.504+08:00 level=INFO msg="starting socket-proxy" version=dev os=linux arch=amd64 runtime=go1.26.0 URL=github.com/wollomatic/socket-proxy
time=2026-02-13T20:24:50.505+08:00 level=INFO msg="configuration info" socketpath=/var/run/docker.sock listenaddress=127.0.0.1:2375 loglevel=INFO logjson=false allowfrom=127.0.0.1/32 shutdowngracetime=10
time=2026-02-13T20:24:50.505+08:00 level=INFO msg="watchdog disabled"
Default request allowlist:
   Method   Regex
   GET      [^/version4$ ^/version3$ ^/_ping$ ^/exec/.*$ ^/version$]
time=2026-02-13T20:24:50.505+08:00 level=INFO msg="socket-proxy running and listening..."
^Zfish: Job 1, 'SP_ALLOW_GET=/version3 SP_ALLOW…' has stopped
ubuntu@tx-hk-1 ~> bg
Send job 1 'SP_ALLOW_GET=/version3 SP_ALLOW_GET_aal=/version4 ./socket-proxy '-allowGET=/_ping' '-allowGET=/exec/.*' '-allowGET=/version'' to background
ubuntu@tx-hk-1 ~> curl http://127.0.0.1:2375/version4
{"message":"page not found"}
ubuntu@tx-hk-1 ~> curl http://127.0.0.1:2375/version3
{"message":"page not found"}
ubuntu@tx-hk-1 ~> curl http://127.0.0.1:2375/version
{"Platform":{"Name":"Docker Engine - Community"},"Version":"29.2.1","ApiVersion":"1.53","MinAPIVersion":"1.44","Os":"linux","Arch":"amd64","Components":[{"Name":"Engine","Version":"29.2.1","Details":{"ApiVersion":"1.53","Arch":"amd64","BuildTime":"2026-02-02T17:17:19.000050134+00:00","Experimental":"false","GitCommit":"6bc6209","GoVersion":"go1.25.6","KernelVersion":"6.17.0-14-generic","MinAPIVersion":"1.44","Os":"linux"}},{"Name":"containerd","Version":"v2.2.1","Details":{"GitCommit":"dea7da592f5d1d2b7755e3a161be07f43fad8f75"}},{"Name":"runc","Version":"1.3.4","Details":{"GitCommit":"v1.3.4-0-gd6d73eb8"}},{"Name":"docker-init","Version":"0.19.0","Details":{"GitCommit":"de40ad0"}}],"GitCommit":"6bc6209","GoVersion":"go1.25.6","KernelVersion":"6.17.0-14-generic","BuildTime":"2026-02-02T17:17:19.000050134+00:00"}
ubuntu@tx-hk-1 ~> curl http://127.0.0.1:2375/xxx
time=2026-02-13T20:25:07.347+08:00 level=WARN msg="blocked request" reason="path not allowed" method=GET URL=/xxx client=127.0.0.1:49310 response=403
Forbidden

services:
  alpine:
    image: alpine
    network_mode: bridge
    command:
    - sleep
    - "3600"
    labels:
      - 'socket-proxy.allow.get=/version'
      - 'socket-proxy.allow.get.0=/_ping'
      - 'socket-proxy.allow.get.1=/_ping2'

time=2026-02-13T21:21:12.081+08:00 level=INFO msg="removed allowlist for container" id=b0eecf7e611e ip=172.17.0.6
Request allowlist for d7be59ae6bfe (172.17.0.6):
   Method   Regex
   GET      [^/_ping2$ ^/version$]
time=2026-02-13T21:21:37.958+08:00 level=INFO msg="removed allowlist for container" id=d7be59ae6bfe ip=172.17.0.6
Request allowlist for 34e2ab1d42fd (172.17.0.6):
   Method   Regex
   GET      [^/version$ ^/_ping$ ^/_ping2$]

[qianlongzt]

TODO, version