feat: forward client request headers to upstream providers in bridge routes

[ssncferreira]

Description

AI Bridge drops client request headers when making upstream API calls through bridge routes. The interceptors construct new HTTP requests via provider SDKs, which set their own headers and discard the originals.

Rather than managing specific headers per provider (as done with Copilot's ExtraHeaders), this PR forwards all client headers to upstream providers, stripping only those that are unsafe or managed by the SDK.

Changes

• Add intercept/client_headers.go with SanitizeClientHeaders that clones client headers and strips hop-by-hop and transport-managed headers before forwarding.
• Forward sanitized client headers to upstream providers in all bridge interceptors (Anthropic messages, OpenAI chat completions, OpenAI responses).
• Client headers are applied before SDK options so that auth and other SDK-managed headers take priority on conflict.
• Update all three providers (Anthropic, OpenAI, Copilot) to pass client headers to interceptor constructors.

Follow-up

The following changes will be addressed in follow-up PRs to reduce scope:

• Proxy headers: Passthrough routes set standard proxy headers (X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Proto), while bridge routes do not. Since AI Bridge behaves as a proxy, this handling should be consistent across all requests.
• Copilot extra headers removal: This PR makes the ExtraHeaders mechanism introduced for Copilot redundant, as all client headers are now forwarded. It can be safely removed.
• Anthropic extra headers removal: This PR makes the ExtraHeaders mechanism introduced for Anthropic in #205 redundant, as all client headers are now forwarded. It can be safely removed.

Closes: #192

[ssncferreira]

• feat: forward client request headers to upstream providers in bridge routes #195 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.