Restrict Django's ALLOWED_HOSTS setting to deployed hosts

Description

Django provides a setting ALLOWED_HOSTS. This is a mitigation against "HTTP Host header attacks".

Currently, the boilerplate template sets this to allow all hosts.

Update the template to only allow hosts the application is deployed to.
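One way to build the restricted list, as an added example that is not part of the original issue or the project's template: it reads the hosts from an environment variable, refuses the allow-all wildcard, and includes a simplified model of Django's host matching to show what each setting accepts. The variable name `DJANGO_ALLOWED_HOSTS`, the helper names and the sample hosts are assumptions.

```python
import os

ENV_VAR = "DJANGO_ALLOWED_HOSTS"  # assumed variable name, not from the template


def parse_allowed_hosts(raw):
    """Parse a comma-separated host list, refusing empty lists and wildcards."""
    hosts = [h.strip().lower() for h in raw.split(",") if h.strip()]
    if not hosts:
        raise ValueError(f"{ENV_VAR} is empty: list the deployed hostnames")
    for host in hosts:
        if "*" in host:
            raise ValueError(f"wildcard entry {host!r} allows every Host header")
        if "/" in host:
            raise ValueError(f"{host!r} looks like a URL; use the bare hostname")
    return hosts


def load_allowed_hosts(environ=os.environ):
    """In settings.py: ALLOWED_HOSTS = load_allowed_hosts()"""
    return parse_allowed_hosts(environ.get(ENV_VAR, ""))


def host_is_allowed(host_header, allowed_hosts):
    """Simplified model of Django's matching, for illustration only:
    exact match, leading-dot entry matches the domain and its subdomains,
    and "*" matches anything."""
    host = host_header.lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit() and not host.endswith("]"):
        host = name  # drop the port, keep bracketed IPv6 literals intact
    host = host.rstrip(".")
    for pattern in allowed_hosts:
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values: the allow-all setting beside a restricted one.
    allow_all = ["*"]
    restricted = parse_allowed_hosts("app.example.org, .internal.example.org")
    for header in ("app.example.org", "api.internal.example.org", "other.invalid"):
        print(header, host_is_allowed(header, allow_all), host_is_allowed(header, restricted))
```

Failing at startup when the variable is unset or contains `*` keeps a misconfigured deployment from silently falling back to accepting every Host header.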

Further details

Task list

Acceptance criteria

Links/references