Comment 1 for bug 1770885

I don't see any problem with this. While clients should not be trusted, this doesn't seem to increase risk.

Update the interface to request a list of CIDRs be given access.

Update the PostgreSQL charm to grant access in pg_hba.conf to the ranges.

pgbouncer does not need to be updated, as it doesn't do IP level access controllers and can just ignore the setting if the interface requests it.