Redirects should not pass along the authorization header for security and usability reasons

[bbowman]

Apple does this by default (see Alamofire/Alamofire#798) but it appears the Windows http implementation give flexibility here. To be consistent across platforms as well not leak auth tokens to other locations, the auth header should be removed.

[jasonsandlin]

Does your outstanding PR adds this for redirects for to the Windows HTTP path right? And prior to your change redirects happen but include the auth token is that right?