Support PROXY protocol #17268

@alexey-milovidov

Description

https://github.com/wolfeidau/proxyv2/blob/master/docs/proxy-protocol.txt
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html

Use case
ClickHouse is hosted behind a proxy (e.g. CloudFlare Spectrum), but we still want to use keyed_by_ip quotas in ClickHouse or use the original IP address for authentication.

Implementation
Provide configuration option to use forwarded IP for quotas and auth. It must be disabled by default.

The protocol forbids autodetection:

The receiver MUST be configured to only receive the protocol described in this specification and MUST not try to guess whether the protocol header is present or not. This means that the protocol explicitly prevents port sharing between public and private access. Otherwise it would open a major security breach by allowing untrusted parties to spoof their connection addresses. The receiver SHOULD ensure proper access filtering so that only trusted proxies are allowed to use this protocol.

Save both IP addresses in ClientInfo.

Additional options
We also need similar support for X-Forwarded-For in HTTP.

Caveats
It's only safe if connections are possible only via the proxy server; otherwise the IP address can easily be forged.
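The following is an added example, not code from this issue or from ClickHouse, showing the accept path described above: the option is off by default, the header is only read from peers in a trusted-proxy list, a missing or malformed header is rejected rather than guessed around, and both addresses are kept. The `ClientInfo` field names, `accept_connection` and the trusted-proxy list are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_V1_LINE = 107  # spec: the longest PROXY v1 line, CRLF included


class ProxyProtocolError(Exception):
    """Header missing, malformed, or sent by a peer that is not a trusted proxy."""


@dataclass
class ClientInfo:
    # Hypothetical stand-in for ClickHouse's ClientInfo: keep BOTH addresses.
    peer_address: str                 # TCP peer (the proxy when proxied)
    forwarded_address: Optional[str]  # original client, taken from the header


def parse_proxy_v1(buf: bytes) -> tuple[Optional[str], bytes]:
    """Strictly parse a PROXY v1 line at the start of buf.
    Returns (original source IP, or None for UNKNOWN; bytes after the CRLF)."""
    end = buf.find(b"\r\n", 0, MAX_V1_LINE)
    if end < 0:
        raise ProxyProtocolError("no CRLF within the first 107 bytes")
    fields = buf[:end].split(b" ")
    if len(fields) < 2 or fields[0] != b"PROXY":
        raise ProxyProtocolError("missing PROXY signature")
    rest = buf[end + 2:]
    if fields[1] == b"UNKNOWN":
        return None, rest  # proxy does not know the client; keep the peer address only
    if fields[1] not in (b"TCP4", b"TCP6") or len(fields) != 6:
        raise ProxyProtocolError("malformed header")
    try:
        src = ipaddress.ip_address(fields[2].decode("ascii"))
        dst = ipaddress.ip_address(fields[3].decode("ascii"))
        if not all(p.isdigit() for p in fields[4:6]):
            raise ValueError("port is not a plain decimal number")
        ports = [int(p) for p in fields[4:6]]
    except ValueError:
        raise ProxyProtocolError("bad address or port") from None
    want = 4 if fields[1] == b"TCP4" else 6
    if src.version != want or dst.version != want or max(ports) > 65535:
        raise ProxyProtocolError("address family or port does not match")
    return str(src), rest


def accept_connection(peer_ip: str, first_bytes: bytes, enabled: bool,
                      trusted_proxies: list[str]) -> tuple[ClientInfo, bytes]:
    """Build ClientInfo for a new TCP connection and return the remaining client stream."""
    if not enabled:  # disabled by default: the bytes are ordinary client data, never inspected
        return ClientInfo(peer_ip, None), first_bytes
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if not any(ipaddress.ip_address(peer_ip) in n for n in nets):
        raise ProxyProtocolError(f"peer {peer_ip} is not a trusted proxy")  # spoofing guard
    forwarded, rest = parse_proxy_v1(first_bytes)  # header is mandatory here, no guessing
    return ClientInfo(peer_ip, forwarded), rest
```

Quota and authentication code would then key on `forwarded_address` when it is set and fall back to `peer_address` otherwise.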
