Feature request: Public/private app switch

Support the most basic of firewalls: Let apps be declared as private in fly.toml (and/or provide a nice chonky button to toggle this in the dashboard). Make it a prominent control & non-optional selection during app init.

  • Public app (default): Reachable from the public internet on allocated public ips (appname.fly.dev). The way things work today.
  • Private app: Only reachable within organization’s private network. (Up to you if there are still public ips allocated).

Rationale: Prevent oopses like private infra leaking to the public internet as a result of being unintentionally public. I think its a lesson learned by many systems before us (s3, mongo comes to mind, etc). Can find examples browsing this forum too…