Provide more guidance on invalid allowed_outbound_hosts

[itowlson]

Fixes fermyon/feedback#61

I added a "learn more" to the output:

# allowed_outbound_hosts = ["localhost"]

$ spin up
Error: Failed to load application

Caused by:
   0: Failed to load manifest from "spin.toml"
   1: Failed to load Spin app from "spin.toml"
   2: Failed to load component `outbound-bad-wildcard`
   3: `allowed_outbound_hosts` is malformed
   4: "localhost" does not contain a scheme (e.g., 'http://' or '*://')
Learn more: https://spinframework.dev/v3/http-outbound#granting-http-permissions-to-components

and special-cased some things that people might guess for wildcard syntax:

# allowed_outbound_hosts = ["*"]

$ spin up
Error: Failed to load application

Caused by:
   0: Failed to load manifest from "spin.toml"
   1: Failed to load Spin app from "spin.toml"
   2: Failed to load component `outbound-bad-wildcard`
   3: `allowed_outbound_hosts` is malformed
   4: "*" is not an allowed outbound host format.
Hosts must be in the form <scheme>://<host>[:<port>], with '*' wildcards allowed for each.
If you intended to allow all outbound networking, you can use '*://*:*' - this will obviate all network sandboxing.
Learn more: https://spinframework.dev/v3/http-outbound#granting-http-permissions-to-components

[rylev]

@itowlson drive-by thought - should we alias * to *://*:*?

[lann]

@itowlson drive-by thought - should we alias * to *://*:*?

That was suggested in the issue. My reply:

There are two different "allow anythings": https://*:* (allow http to anything) and *://*:* allow any protocol to anything (via wasi:sockets).

Also, we're trying to nudge people to take advantage of Spin's better-than-status-quo sandboxing; getting someone to stop and think about whether they really need * is part of that.
[...]