
feat(configx): add HTTP header log redaction config

Open whisky-is-life opened this issue 2 years ago • 0 comments

This PR introduces a change that allows configuration of additional HTTP headers to be redacted in the logs. It addresses a case where custom HTTP headers containing sensitive information (e.g. tokens) are logged in production environments when a deployment, such as one for Ory Kratos, triggers a webhook request with these headers.

Some alternatives that were considered include:

  • Setting the log level to fatal to keep this kind of information out of the logs, which is not really a desirable log level as it would result in decreased observability of the deployments
  • Trying to place tokens inside the Authorization header, which would be ideal, but some 3rd-party APIs do not accept a standard Authorization header and instead require non-standard HTTP headers such as X-Auth-Token. In that case it is simpler to have deployments accept such headers with redaction, rather than having some proxy rewrite the HTTP headers

Related Issue or Design Document

Checklist

  • [x] I have read the contributing guidelines and signed the CLA.
  • [ ] I have referenced an issue containing the design document if my change introduces a new feature.
  • [x] I have read the security policy.
  • [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
  • [x] I have added tests that prove my fix is effective or that my feature works.
  • [x] I have added the necessary documentation within the code base (if appropriate).

Further comments

whisky-is-life, Sep 13 '23 14:09
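The mechanism the PR describes, as an added, self-contained Go example that is not the PR's diff or the project's own code: a fixed set of credential-bearing headers is always masked, a configuration-supplied list (here a hypothetical `log.redact_headers` key containing e.g. `X-Auth-Token`) extends it, matching is case-insensitive via canonical header names, and only the copy written to the log is masked so the outgoing webhook request keeps its real values. The type and function names, the default header list and the `[redacted]` placeholder are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// defaultRedactedHeaders carry credentials in almost every deployment and are
// therefore masked unconditionally. Assumed list for this example, not the set
// used by any particular project.
var defaultRedactedHeaders = []string{
	"Authorization",
	"Proxy-Authorization",
	"Cookie",
	"Set-Cookie",
}

// HeaderRedactor decides which HTTP headers are masked before a request is
// written to a log.
type HeaderRedactor struct {
	redacted map[string]struct{} // canonical header names
}

// NewHeaderRedactor builds a redactor from the built-in defaults plus the
// additional header names supplied by configuration (for example a
// hypothetical `log.redact_headers` key holding ["X-Auth-Token"]).
// Names are canonicalised so that x-auth-token and X-AUTH-TOKEN both match.
func NewHeaderRedactor(additional []string) *HeaderRedactor {
	r := &HeaderRedactor{redacted: make(map[string]struct{})}
	all := append(append([]string{}, defaultRedactedHeaders...), additional...)
	for _, name := range all {
		name = strings.TrimSpace(name)
		if name == "" {
			continue // an empty config entry must not silently disable anything
		}
		r.redacted[http.CanonicalHeaderKey(name)] = struct{}{}
	}
	return r
}

// IsRedacted reports whether a header name (in any casing) will be masked.
func (r *HeaderRedactor) IsRedacted(name string) bool {
	_, ok := r.redacted[http.CanonicalHeaderKey(name)]
	return ok
}

// Redact returns a copy of h with the value of every configured header
// replaced by "[redacted]". h itself is left untouched, so the request that
// is actually sent upstream still carries its real credentials.
func (r *HeaderRedactor) Redact(h http.Header) http.Header {
	out := make(http.Header, len(h))
	for name, values := range h {
		if r.IsRedacted(name) {
			out[name] = []string{"[redacted]"}
			continue
		}
		out[name] = append([]string(nil), values...)
	}
	return out
}

// FormatForLog renders the masked headers as one deterministic
// "Name: value; Name: value" string suitable for a structured log field.
func (r *HeaderRedactor) FormatForLog(h http.Header) string {
	safe := r.Redact(h)
	names := make([]string, 0, len(safe))
	for name := range safe {
		names = append(names, name)
	}
	sort.Strings(names)
	parts := make([]string, 0, len(names))
	for _, name := range names {
		parts = append(parts, name+": "+strings.Join(safe[name], ", "))
	}
	return strings.Join(parts, "; ")
}

func main() {
	// Constructed sample: an outgoing webhook request carrying a non-standard
	// token header that a third-party API requires instead of Authorization.
	h := http.Header{}
	h.Set("Content-Type", "application/json")
	h.Set("Authorization", "Bearer eyJhbGciOi...")
	h.Set("X-Auth-Token", "supersecrettoken")

	fmt.Println("defaults only:    ", NewHeaderRedactor(nil).FormatForLog(h))
	fmt.Println("with X-Auth-Token:", NewHeaderRedactor([]string{"x-auth-token"}).FormatForLog(h))
}
```

Two points worth checking in a real implementation: the redactor must be built from the configuration actually loaded at runtime (a stale default list reproduces exactly the leak the PR describes), and name-based masking only covers headers, so tokens that travel in query strings or request bodies still need separate handling.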