prevent sending authorization: null header

[furkhat]

Proposed Changes

Add additional check to prevent sending "authorization": "null" and prefer sending no header if no value known.

RabbitMQ version 3.8.5. Firefox version 78.0.1. Using basic authentication request for /whoami sends "authorization": "null" in case if no logins previously were made.

Types of Changes

• [ ] Bugfix (non-breaking change which fixes issue #NNNN)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
• [ ] Documentation (correction or otherwise)
• [ ] Cosmetics (whitespace, appearance)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask on the mailing list. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• [x] I have read the CONTRIBUTING.md document
• [x] I have signed the CA (see https://cla.pivotal.io/sign/rabbitmq)
• [ ] All tests pass locally with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)
• [ ] Any dependent changes have been merged and published in related repositories

Further Comments

This is useful for me because I host rabbitmq management ui under a proxy which tries to read authorization header and fails assuming that "null" is invalid token.

[michaelklishin]

Thank you!

[michaelklishin]

Backported to v3.8.x.