Gitlab support fixes

[Benaiah]

Fixes several bugs with GitLab support in git-gateway:

• Adds HEAD requests to the allowed CORS methods.
• Adds "Private-Token" to the allowed CORS headers.
• Constructs a URL by setting r.URL.Opaque instead of by setting r.URL.Path to prevent literal %2Fs in URLs, which are required by the GitLab API, from being turned into literal / characters by the Go stdlib. (see this github issue and this commit, noting that git-gateway is running on go1.8 if I understand correctly from the .travis.yml).
• Removes the Authorization header from GitLab requests, which causes 401s when used with private access tokens (example), and replaces it with the Private-Token header. (The current WIP Netlify UI has a box for a token to be pasted, so I assume this is supposed to be a private access token, not an OAuth token - which would use the Authorization header).
• Rewrites absolute links in the GitLab Link header to be relative, so they're requested from git-gateway instead of the proxied API.
• Adds a default value for the GitLab API endpoint.

[rybit]

also if you want to update the Go version, it might be worth it right now.

[verythorough]

It looks like this requires a docs update. At this point, I think that means some minor changes to the README and an update to example.env

[Benaiah]

@rybit @calavera addressed your review comments - could you re-review? @rybit upgrading Go sounds great, but I'm not sure I know the whole process for doing so for this repo.