`SENSITIVE_HEADERS` checks should not be case-sensitive

[Moelf]

[Found by ZeroPath and manually checked by me]

HTTP.jl/src/clientlayers/RedirectRequest.jl

Lines 44 to 45 in e7feb99

	elseif (header in SENSITIVE_HEADERS && !isdomainorsubdomain(url.host, oldurl.host))
	return false

HTTP.jl/src/clientlayers/RedirectRequest.jl

Lines 69 to 74 in e7feb99

	const SENSITIVE_HEADERS = Set([
	"Authorization",
	"Www-Authenticate",
	"Cookie",
	"Cookie2"
	])

if there's a header like authorization, we would misjudge it as being not sensitive and forward it, which is a security flaw