add support to pass api key

[basantPayU]

According to docs of security headers, we need to pass an API key for the request, but the current implementation doesn't provide a way to do so. P.S. Refer to the image

[iamazeem]

@basantPayU: Did you check https://github.com/koenbuyens/securityheaders?

And, did you try invoking curl from the command line?

Example:

curl -H "x-api-key: <API-KEY>" "https://api.securityheaders.com/?q=<URL>&hide=on&followRedirects=on" | jq -r '.summary.grade'

[marcuslindblom]

The above seems to work just fine. So this issue is up for grabs :)

[marcuslindblom]

I made a PR draft. This is breaking though because the order of params is changed. What do you think @iamazeem @basantPayU

[basantPayU]

@marcuslindblom Looks good to me!

[iamazeem]

Looks good! :+1:

BTW, I just released this composite action: https://github.com/iamazeem/security-headers-action

As of now, docker actions run only on the Linux runners. I wanted to create something that works on all the GHA runners.

Would love to hear some feedback from you both. :smile: Thank you!