Restrict access to admin functions by IP

There are many possible ways to implement this feature:

* Adding a custom middleware
* Using rack-attack with a blocklist
* Using routes constraints

We're choosing to use a controller concern with a redirect because it's
what we do to handle unauthorized cancancan exceptions.

app/controllers/admin/base_controller.rb

@@ -1,4 +1,5 @@
 class Admin::BaseController < ApplicationController
+  include IpDeniedHandler
   layout "admin"
   before_action :authenticate_user!