Allow list for pool origins

[andy-v-h]

Is your feature request related to a problem? Please describe.
I want to limit the possible pool origins so that a user of my system doesn't turn my service into an ddos cannon

Describe the solution you'd like
I would like to give an allowlist as input to the API that filters what IPs I can store as a pool origin.

Describe alternatives you've considered
Putting a block list on the manager.

Additional context
n/a