[iast] Add Header Injection vulnerability exclusions for reflected headers

[CarlesDD]

Motivation

Check exclusions for Header Injection vulnerability for reflected headers

Changes

• Created a new base test BaseTestHeaderInjectionReflectedExclusion
• Added 4 new test, one for each exclusion
• Updated manifests with missing_feature for all tracers except for Node.js
• Created necessary endpoints for express4 and express4-typescript variants for Node.js

Workflow

1. ⚠️ Create your PR as draft ⚠️
2. Work on you PR until the CI passes (if something not related to your task is failing, you can ignore it)
3. Mark it as ready for review
   • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
   • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

• If PR title starts with [<language>], double-check that only <language> is impacted by the change
• No system-tests internal is modified. Otherwise, I have the approval from R&P team
• CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
• A docker base image is modified?
  • the relevant build-XXX-image label is present
• A scenario is added (or removed)?
  • Get a review from R&P team

APPSEC-55563

[uurien]

BaseTestHeaderInjectionReflectedExclusion is Header related test, why are you creating the class in utils and not here?

[CarlesDD]

Fixed :)