
fix: update OWASP data source to use raw GitHub URL (issue #275) #276

Merged: JaredCE merged 1 commit into JaredCE:main from alegarciadelrio:fix/owasp-migrated-endpoint, Jun 23, 2026


@alegarciadelrio

Contributor

Summary

Currently there is an error when generating the OpenAPI spec file (ISSUE). This PR updates the OWASP secure-headers data source to fetch headers_add.json directly from GitHub's raw content host instead of owasp.org. It seems OWASP moved the project files to GitHub.

I believe requesting the GitHub raw file is OK in the meantime, because the max rate limit is like 5k per source IP. The other option is to use the API, but I believe that will add complexity.


Changes

  • src/owasp.js: Changed the fetch URL from https://owasp.org/www-project-secure-headers/ci/headers_add.json to https://raw.githubusercontent.com/OWASP/www-project-secure-headers/refs/heads/master/ci/headers_add.json.
  • test/unit/owasp.spec.js: Updated the nock HTTP mocks across all three getLatest test cases to match the new host and path.

Why

The owasp.org endpoint no longer reliably serves the headers JSON. Pulling directly from the project's GitHub repo (master branch) provides a stable, canonical source for the latest secure-header definitions.

Testing

  • Existing unit tests in test/unit/owasp.spec.js updated and passing, covering:
    • Fallback to bundled defaults when the source is unreachable (404)
    • Populating defaults from a new OWASP release
    • Handling newly added headers in a release
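
Added example (not part of this PR and not the project's own code): the fallback behaviour listed under Testing, extended with a shape check so that an error page or malformed body served from the new host also falls back to the bundled defaults. The payload shape `{ headers: [{ name, value }] }` and the names `parseHeadersPayload`, `resolveHeaders` and `getLatestHeaders` are assumptions made for illustration.

```javascript
// Added example: validate the remote headers_add.json before trusting it,
// and fall back to bundled defaults on any failure.
// ASSUMPTION: payload shape is { headers: [{ name: string, value: string }, ...] }.
const SOURCE_URL =
  "https://raw.githubusercontent.com/OWASP/www-project-secure-headers/refs/heads/master/ci/headers_add.json";

// Header names must be HTTP tokens; values must be printable ASCII (no CR/LF).
const NAME_RE = /^[A-Za-z0-9!#$%&'*+.^_`|~-]+$/;
const VALUE_RE = /^[\x20-\x7E]*$/;

// Returns a { name: value } map, or null when the body is not a valid payload.
function parseHeadersPayload(bodyText) {
  let doc;
  try {
    doc = JSON.parse(bodyText);
  } catch {
    return null; // e.g. an HTML error page instead of JSON
  }
  if (!doc || !Array.isArray(doc.headers) || doc.headers.length === 0) return null;
  const out = Object.create(null); // no prototype, so "__proto__" is just a key
  for (const h of doc.headers) {
    if (!h || typeof h.name !== "string" || typeof h.value !== "string") return null;
    if (!NAME_RE.test(h.name) || !VALUE_RE.test(h.value)) return null;
    out[h.name] = h.value;
  }
  return out;
}

// Use remote data only for a 200 response that validates; otherwise bundled.
function resolveHeaders(status, bodyText, bundledDefaults) {
  const parsed = status === 200 ? parseHeadersPayload(bodyText) : null;
  return parsed
    ? { source: "remote", headers: parsed }
    : { source: "bundled", headers: { ...bundledDefaults } };
}

// Network wrapper (hypothetical name); a thrown fetch error also falls back.
async function getLatestHeaders(bundledDefaults, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(SOURCE_URL, { redirect: "error" });
    return resolveHeaders(res.status, await res.text(), bundledDefaults);
  } catch {
    return resolveHeaders(0, "", bundledDefaults);
  }
}
```

Recording `source` in the result lets a build log show whether the generated spec used live OWASP data or the bundled copy.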

@JaredCE JaredCE merged commit f8a9b9e into JaredCE:main Jun 23, 2026
3 checks passed