[client] Hide Authorization header (opencti/9693)

[SouadHadjiat]

Proposed changes

• Hide token by default and return request headers copy

Related issues

• Bearer token plaintext in error logs of the worker opencti#9693

Checklist

• I consider the submitted work as finished
• I tested the code for its functionality
• I wrote test cases for the relevant uses case
• I added/update the relevant documentation (either on github or on notion)
• Where necessary I refactored code to improve the overall quality

Further comments

to test locally, you need first to set json_logging: true in your config.yml, then you'll need to simulate a ping error on opencti. If you don't know how, you can try to change getApplicationInfo like this so that it will send a periodic error :

let index = 0;
export const getApplicationInfo = () => {
  index += 1;
  if (index === 10) {
    index = 0;
    throw FunctionalError('for debug');
  }
  return {
    version: PLATFORM_VERSION,
    debugStats: {}, // Lazy loaded
  };
};