[FIXED JENKINS-23294] Deal with X-Forwarded-Port.

If this is set, use it instead of ServletRequest.getServerPort() for purposes of getRootUrlFromRequest().
Also treat the default port as scheme-specific in that method (which presumes that we in fact got the reported port right).
And enhance the reverse proxy setup monitor to validate that the Referer header (/manage)
actually matches what we have computed from getRootUrlFromRequest;
if it does not, something is messed up, though it may require some digging to find what.
(Would be better to let the monitor specify the exact problem it determined,
though this is not always actually possible;
for example if you are missing AllowEncodedSlashes NoDecode in Apache,
you just get a 404 from Apache without even getting to Jenkins.)