Liturgical-Calendar / LiturgicalCalendarAPI

A PHP script / API endpoint that will generate the Roman Catholic liturgical calendar for any given year, calculating the mobile festivities and the precedence of solemnities, feasts, memorials...
Apache License 2.0

remove unneeded headers! #207

Closed JohnRDOrazio closed 2 months ago

JohnRDOrazio commented 2 months ago

Going over the JSON schemas again and confronting them with the data produced by the API, I noticed in the last release we only removed a couple of unneeded request headers from the resulting resource files. However, this is not enough. There is sometimes a cookie header that is included, which isn't too too dangerous because it should only be cookies from the litcal.johnromanodorazio.com domain, and the only cookies set there are a language cookie to remember the language that the user had chosen for the frontend website, and a "last API request settings" cookie so that when closing and opening a "usage example", the same settings as the last request would be automatically populated.

In any case, even if there should never be any kind of sensitive information here, there really is no reason to expose it in the API responses. In fact, the only real request headers that are useful in the API responses are those that can actually determine an outcome in the resulting liturgical calendar, and those are Accept, Accept-Language, and maybe X-Requested-With to verify correct results from AJAX calls. The Host header should be innocent enough, in fact it's actually a further guarantee that the response is actually coming from the litcal.johnromanodorazio.com domain. So I would say, instead of removing a header here and there, discard ALL headers except these last four we just mentioned.

At least it would make the API look a bit less intrusive.
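The allowlist approach proposed above, as an added illustration in PHP (not the project's own code): the function name and the constructed header array are assumptions, chosen only to show which headers survive the filter.

```php
<?php
// Added example, not the project's code: keep only the request headers that can
// influence the generated calendar and discard everything else, cookies included.
const ALLOWED_REQUEST_HEADERS = ['accept', 'accept-language', 'x-requested-with', 'host'];

/**
 * Return a copy of $headers containing only the allowlisted names.
 * Names are compared case-insensitively: HTTP header names are case-insensitive,
 * and browsers, proxies and PHP SAPIs do not agree on capitalisation.
 */
function filterRequestHeaders(array $headers): array
{
    $kept = [];
    foreach ($headers as $name => $value) {
        if (in_array(strtolower($name), ALLOWED_REQUEST_HEADERS, true)) {
            $kept[$name] = $value;
        }
    }
    return $kept;
}

// Constructed sample of what getallheaders() might return for a request to the
// API; the values are illustrative, not captured traffic.
$incoming = [
    'Host'             => 'litcal.johnromanodorazio.com',
    'Accept'           => 'application/json',
    'Accept-Language'  => 'en-US,en;q=0.9',
    'X-Requested-With' => 'XMLHttpRequest',
    'Cookie'           => 'lang=en; lastRequestSettings=year%3D2024', // must not be echoed
    'User-Agent'       => 'Mozilla/5.0',
    'Referer'          => 'https://example.invalid/page',
];

$safe = filterRequestHeaders($incoming);
// $safe now holds only Host, Accept, Accept-Language and X-Requested-With.
// In the API itself this would be filterRequestHeaders(getallheaders()), applied
// before any request metadata is serialized into the response body.
```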

JohnRDOrazio commented 2 months ago

WIP in the new-unittest-interface branch...

JohnRDOrazio commented 2 months ago

I cherry-picked the related commits into the dev branch, so that we don't have to wait for new-unittest-interface branch to be pulled.