
Make HeaderValue::set_sensitive available in const contexts #807

@archer-321


Hey, I'd like to use `HeaderValue::set_sensitive` when defining header value constants with `HeaderValue::from_static`.
In particular, I'd like to mark an OAuth client credential that's compiled into the application as sensitive.

I fully understand that a value that's compiled into the binary is trivial to dump and shouldn't be considered secure. Moreover, I fully understand that no amount of obfuscation will change this. However, many OAuth implementations (like GitHub or Forgejo) always issue client credentials, regardless of whether the client is public or confidential. This means clients are forced to use the credential, which effectively means the credential has to be embedded into the client.

I'd be willing to contribute a PR for this, but I wanted to open an issue to discuss first, as the idea of storing confidential header values as constants seems controversial. In addition to the `const` keyword, a note in the doc comment to discourage developers from embedding secrets might be warranted.


Thank you for creating Hyper and this crate!
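
An added example, not part of the original issue and not code from the `http` crate: a std-only stand-in type showing what a sensitive flag set in a `const` context buys, namely that the embedded credential is redacted from `Debug` log output. `StaticHeader`, `with_sensitive`, `log_line` and the credential string are hypothetical names and constructed values; the by-value setter is an assumed design, not the crate's API.

```rust
use std::fmt;

/// Hypothetical stand-in for a header value; NOT the `http` crate's `HeaderValue`.
#[derive(Clone, Copy)]
pub struct StaticHeader {
    value: &'static str,
    sensitive: bool,
}

impl StaticHeader {
    /// Const constructor, in the spirit of `HeaderValue::from_static`.
    pub const fn from_static(value: &'static str) -> Self {
        StaticHeader { value, sensitive: false }
    }

    /// By-value const setter (assumed design): usable inside a `const`
    /// initializer because it needs no `&mut` borrow.
    pub const fn with_sensitive(mut self, sensitive: bool) -> Self {
        self.sensitive = sensitive;
        self
    }

    pub const fn is_sensitive(&self) -> bool { self.sensitive }
    pub const fn as_str(&self) -> &'static str { self.value }
}

/// Debug output redacts sensitive values so they stay out of logs.
impl fmt::Debug for StaticHeader {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        if self.sensitive { f.write_str("Sensitive") } else { write!(f, "{:?}", self.value) }
    }
}

// Constructed placeholder credential, not a real secret.
pub const CLIENT_AUTH: StaticHeader =
    StaticHeader::from_static("Basic PLACEHOLDER-CLIENT-CREDENTIAL").with_sensitive(true);
pub const ACCEPT: StaticHeader = StaticHeader::from_static("application/json");

/// What a debug log line for this header would contain.
pub fn log_line(name: &str, h: &StaticHeader) -> String {
    format!("{}: {:?}", name, h)
}

fn main() {
    println!("{}", log_line("authorization", &CLIENT_AUTH));
    println!("{}", log_line("accept", &ACCEPT));
}
```

The flag only keeps the value out of formatted output; the bytes are still present in the compiled binary, as the issue text notes.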


Labels: A-headers (Area: HTTP headers), E-easy (Effort: easy. Start here :D), S-feature (Severity: feature. This adds something new.)
