Feature/add http referrer allow list option #25

Merged
merged 3 commits into from
Oct 23, 2023

Commits on Oct 19, 2023

  1. Add the ability to allow unauthenticated access from internal referrers

    This commit adds the Referrer Allow list option, which can be used
    to whitelist traffic arriving from certain referrers (internal only)
    which is intended to allow plugins like Nelio AB Testing to be usable
    on sites which use this plugin to control access to the site.
    
    Internal referrer URLs can contain query strings, but the input
    config should omit the site URL, as this is set inside the plugin,
    to prevent external referrers from being configured.
    
    The new functionality also only accepts as valid referrer headers
    where the configured allowed referrer string appears at the start
    of the referrer header, to prevent whitelisted items being passed
    as parameters of a referrer to circumvent the access controls.
    
    Loading an allow listed referrer URL directly in the browser while
    unauthenticated does not allow the user to bypass the access control
    as when the plugin performs redirection it does not, itself, send the
    HTTP_REFERER header.
    jkeasley committed Oct 19, 2023
    9948a1e

Commits on Oct 23, 2023

  1. check that the options array contains valid items added

    This commit adds a check that the config array for the referrer
    allow list contains valid options, as the behaviour of explode in
    this context means that even if the options field is empty at least
    one array item, of value '', will be created.
    
    Also Kahlan has been removed from the composer file and composer update
    rerun
    jkeasley committed Oct 23, 2023
    1c9a83d
  2. bump version number

    jkeasley committed Oct 23, 2023
    f733765
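
The two checks described in the commit messages above (matching the allowed string only at the start of the referrer header, and discarding the `''` item that `explode` produces for an empty option), shown as an added PHP example that is not the plugin's own code. The function names, the newline separator and the `example.test` URLs are assumptions made for illustration.

```php
<?php
// Added illustration; function names, separator and URLs are hypothetical.

/** Split the raw option text into usable allow-list entries. */
function parse_allow_list(string $raw): array
{
    // explode() on an empty string returns [''], never [], so blank
    // entries are dropped before the list is used for matching.
    $items = array_map('trim', explode("\n", $raw));
    return array_values(array_filter($items, fn ($i) => $i !== ''));
}

/** True when the Referer header starts with site URL + an allowed path. */
function referrer_is_allowed(string $referer, string $siteUrl, array $allowList): bool
{
    $base = rtrim($siteUrl, '/');
    foreach ($allowList as $path) {
        // The site URL is prepended here, so the configuration itself
        // cannot name an external host.
        $prefix = $base . '/' . ltrim($path, '/');
        // Anchored at offset 0: an allowed string that only appears later
        // in the header (for example as a query parameter) does not match.
        if (strncmp($referer, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample data.
$site  = 'https://example.test';
$list  = parse_allow_list("/landing-page?variant=b\n\n");
$cases = [
    'listed path, extra parameter'  => 'https://example.test/landing-page?variant=b&x=1',
    'allowed string as a parameter' => 'https://other.test/?next=https://example.test/landing-page?variant=b',
    'internal but not listed'       => 'https://example.test/private',
    'no Referer header'             => '',
];
foreach ($cases as $label => $ref) {
    printf("%-30s %s\n", $label, referrer_is_allowed($ref, $site, $list) ? 'allow' : 'deny');
}

// An unfiltered [''] entry reduces the prefix to the bare site URL, which
// every internal referrer starts with; the filtered list is empty instead.
var_dump(referrer_is_allowed('https://example.test/private', $site, ['']));
var_dump(referrer_is_allowed('https://example.test/private', $site, parse_allow_list('')));
```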