
Always redact Authorization headers before sending to Sentry #4163

@jamescrosswell

Description


Sentry Replay currently redacts the Authorization header to avoid private information leaks. Instead, SDK users see something like this in their Sentry portal:

Image

Ideally we'd also redact this in the SDK before it crosses process boundaries though.

The FailedRequest handler and HttpContextExtensions currently capture all headers when SendDefaultPii is true:

```csharp
if (!Options.SendDefaultPii)
{
    sentryRequest.Url = uri?.HttpRequestUrl();
}
else
{
    sentryRequest.Url = uri?.AbsoluteUri;
    sentryRequest.Cookies = request.Headers.GetCookies();
    sentryRequest.AddHeaders(request.Headers);
    responseContext.Cookies = response.Headers.GetCookies();
    responseContext.AddHeaders(response.Headers);
}
```

ScopeExtensions excludes this rather than redacting it:

```csharp
if (!options.SendDefaultPii
    // Don't add headers which might contain PII
    && (requestHeader.Key == HeaderNames.Cookie
        || requestHeader.Key == HeaderNames.Authorization))
{
    continue;
}
scope.Request.Headers[requestHeader.Key] = requestHeader.Value!;
if (requestHeader.Key == HeaderNames.Cookie)
{
    scope.Request.Cookies = requestHeader.Value;
}
```
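The following is an added example, not code from this issue or from the sentry-dotnet SDK. It shows the behaviour the issue asks for: header capture that mirrors the existing `ScopeExtensions` rule when `SendDefaultPii` is false, but that replaces the `Authorization` value with a marker instead of copying it when `SendDefaultPii` is true, so the credential never leaves the process. It goes slightly beyond the issue by treating `Proxy-Authorization` the same way. The class name `HeaderRedactor`, the `Redact` method, the `"[Filtered]"` marker and the `", "` join for multi-valued headers are all assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;

// Added example (hypothetical names), not sentry-dotnet code.
public static class HeaderRedactor
{
    // Replacement text for credential values; the real SDK may use a different marker.
    public const string RedactedValue = "[Filtered]";

    // Headers that carry credentials. Header names are case-insensitive
    // (RFC 9110), so they are compared with an ordinal-ignore-case comparer.
    private static readonly HashSet<string> AlwaysRedacted =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "Authorization",
            "Proxy-Authorization",
        };

    // Accepts the same shape as System.Net.Http.Headers.HttpHeaders, so
    // request.Headers can be passed in directly. Multi-valued headers are
    // joined with ", " (an assumption; AddHeaders may join them differently).
    public static Dictionary<string, string> Redact(
        IEnumerable<KeyValuePair<string, IEnumerable<string>>> headers,
        bool sendDefaultPii)
    {
        var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

        foreach (var header in headers)
        {
            // Without SendDefaultPii, Cookie and credential headers are not
            // attached at all, matching the existing ScopeExtensions rule.
            if (!sendDefaultPii &&
                (header.Key.Equals("Cookie", StringComparison.OrdinalIgnoreCase) ||
                 AlwaysRedacted.Contains(header.Key)))
            {
                continue;
            }

            // With SendDefaultPii, keep the header name so the event still
            // shows the request was authenticated, but never the credential.
            result[header.Key] = AlwaysRedacted.Contains(header.Key)
                ? RedactedValue
                : string.Join(", ", header.Value);
        }

        return result;
    }

    public static void Main()
    {
        // Constructed sample headers for the demo; the values are made up.
        var sample = new List<KeyValuePair<string, IEnumerable<string>>>
        {
            new("Host", new[] { "api.example.test" }),
            new("Authorization", new[] { "Bearer constructed-token-value" }),
            new("Cookie", new[] { "session=constructed-session-id" }),
            new("Accept", new[] { "application/json", "text/plain" }),
        };

        foreach (var sendDefaultPii in new[] { false, true })
        {
            Console.WriteLine($"SendDefaultPii = {sendDefaultPii}");
            foreach (var kv in Redact(sample, sendDefaultPii))
            {
                Console.WriteLine($"  {kv.Key}: {kv.Value}");
            }
        }
    }
}
```

With `SendDefaultPii = false` the output contains only `Host` and `Accept`; with `SendDefaultPii = true` the `Cookie` value is copied as before, but `Authorization` appears as `[Filtered]`. Redacting rather than dropping the header keeps the signal that the failed request carried credentials, which is useful when triaging auth-related failures, without depending on server-side scrubbing to catch the token.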

Status: Done