Open jose-ledesma opened 5 years ago
Hello, can I get some more information on this...is this just for GitLab? Or all forwarded requests should be cleaned of those headers?
I'd say it should happen for all git providers.
It could be useful to get a build running on staging that logs all request headers, so you can know which to filter. Alternatively, an allow-list would make sense, because we can look up what headers can be passed to those APIs.
- Do you want to request a feature or report a bug? Bug
- What is the current behavior? git-gateway is forwarding some headers it should not (`X-Forwarded-For`, `Client-IP`), which may trigger undesired behaviors (see #41).
- If the current behavior is a bug, please provide the steps to reproduce. We have detected that when forwarding the `Client-IP` header to GitLab, its API detected a spoofing attempt (because `X-Forwarded-For` and `Client-IP` did not match).
- What is the expected behavior? Forwarded requests should be clean of unneeded headers.
- Please mention your Go version, and operating system version.
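The allow-list approach suggested in the comments, sketched as an added example; it is not part of the original issue and not git-gateway's own code. The entries in `allowedHeaders`, the function names, and the sample addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
)

// allowedHeaders is an assumed allow-list for this example; the real set
// depends on what each git provider's API accepts.
var allowedHeaders = []string{"Accept", "Content-Type", "If-None-Match", "User-Agent"}

// filterHeaders builds the upstream header set from the allow-list only.
// Anything not listed, including X-Forwarded-For and Client-IP, is never
// copied, so the provider cannot see two conflicting client addresses.
func filterHeaders(in http.Header) http.Header {
	out := make(http.Header)
	for _, name := range allowedHeaders {
		// Values canonicalizes the key, so letter case does not matter.
		if vals := in.Values(name); len(vals) > 0 {
			out[http.CanonicalHeaderKey(name)] = append([]string(nil), vals...)
		}
	}
	return out
}

// droppedHeaders returns the sorted names (not values) of inbound headers
// that were not forwarded, suitable for logging on a staging build.
func droppedHeaders(in, out http.Header) []string {
	var dropped []string
	for name := range in {
		if _, ok := out[http.CanonicalHeaderKey(name)]; !ok {
			dropped = append(dropped, name)
		}
	}
	sort.Strings(dropped)
	return dropped
}

func main() {
	// Constructed inbound request headers (documentation address ranges).
	in := http.Header{}
	in.Set("Accept", "application/json")
	in.Set("Content-Type", "application/json")
	in.Set("X-Forwarded-For", "198.51.100.9")
	in.Set("Client-IP", "203.0.113.7")

	out := filterHeaders(in)
	fmt.Println("forwarded:", out)
	fmt.Println("dropped:  ", droppedHeaders(in, out))
}
```

Logging only the dropped header names keeps client addresses and tokens out of the staging logs while still showing which headers the allow-list is missing.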