Proposal: change the default json-rpc listen address to localhost

Current behavior: default to 0.0.0.0.

Desired behavior: default to 127.0.0.1.

Use case:

Because the json-rpc service can be easily dos-ed if opened public without other protection, default to public can make nodes vulnerable accidentally.