Secret proxying #2
Description
The proxy should be able to rewrite specific headers and replace temporary secrets with actual secrets.
The cli revives a map of (domain/secret -> replacement). When a fetch starts, it looks ups the list of replacements and applies it if matching.
This allows a cli caller to generate temporary, dummy tokens to be "leaked" to the container without sharing the actual secrets.
Must be bound to specific domains.