Don't allow \r in header names

[erikdubbelboer]

From RFC 9112:

  A sender MUST NOT generate a bare CR (a CR character not immediately
  followed by LF) within any protocol elements other than the content.
  A recipient of such a bare CR MUST consider that element to be invalid
  or replace each bare CR with SP before processing the element or forwarding
  the message.

net/http seems to completely error on this, so let's do the same.

Fixes https://github.com/valyala/fasthttp/issues/1785

See: https://go.dev/play/p/EmMgzC_yLvN

[kenballus]

This patch looks good, but it could be improved by rejecting more characters than just \t, \r, and .

The RFCs define header names with the following grammar rules:

field-name = token
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA

Thus, all of the following characters should also be prohibited in field-names, in addition to \r, `, and\t`:

• \x00-\x08 inclusive,
• \x0b,
• \x0c,
• \x0e-\x1f inclusive,
• ",
• (,
• ),
• ,,
• /,
• ;,
• <,
• =,
• >,
• ?,
• @,
• [,
• \,
• ],
• {,
• },
• \x7f-\xff inclusive

net/http errors on all of these characters.

[erikdubbelboer]

Good point, I have no changed it to check all characters.