Add no-multicast-peers to Coturn config by default

Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/

roles/custom/matrix-coturn/defaults/main.yml

@@ -73,6 +73,9 @@ matrix_coturn_denied_peer_ips: []
 matrix_coturn_user_quota: null
 matrix_coturn_total_quota: null
 
+# Controls whether `no-multicast-peers` is added to the configuration
+matrix_coturn_no_multicast_peers_enabled: true
+
 # To enable TLS, you need to provide paths to certificates.
 # Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
 # Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.

roles/custom/matrix-coturn/templates/turnserver.conf.j2

@@ -39,6 +39,10 @@ user-quota={{ matrix_coturn_user_quota }}
 total-quota={{ matrix_coturn_total_quota }}
 {% endif %}
 
+{% if matrix_coturn_no_multicast_peers_enabled %}
+no-multicast-peers
+{% endif %}
+
 {% for ip_range in matrix_coturn_denied_peer_ips %}
 denied-peer-ip={{ ip_range }}
 {% endfor %}