feat(header): make HeaderValue::set_sensitive const

Some applications like OAuth clients for GitHub or Forgejo are forced to
embed a client password into the application, even if the client is
considered public. Make `HeaderValue::set_sensitive` available in const
contexts to allow applications to mark embedded headers as sensitive.

Warn developers in `set_sensitive`'s documentation that embedded secrets
are trivial to dump and should not be considered secure.

Add a unit test that ensures both `HeaderValue::from_static` and
`HeaderValue::set_sensitive` can be used in const contexts and that they
continue to work as expected.

Closes: #807

Author: archer-321

src/header/value.rs

@@ -298,6 +298,11 @@ impl HeaderValue {
 
     /// Mark that the header value represents sensitive information.
     ///
+    /// This method is `const` to allow marking constants created with
+    /// [`HeaderValue::from_static`] as sensitive. Note that sensitive values
+    /// that are embedded into an application are trivial to dump and cannot be
+    /// considered secure.
+    ///
     /// # Examples
     ///
     /// ```
@@ -311,7 +316,7 @@ impl HeaderValue {
     /// assert!(!val.is_sensitive());
     /// ```
     #[inline]
-    pub fn set_sensitive(&mut self, val: bool) {
+    pub const fn set_sensitive(&mut self, val: bool) {
         self.is_sensitive = val;
     }
 
@@ -768,3 +773,18 @@ fn test_debug() {
     sensitive.set_sensitive(true);
     assert_eq!("Sensitive", format!("{:?}", sensitive));
 }
+
+#[test]
+fn test_const_context() {
+    let val = const { HeaderValue::from_static("content") };
+    assert_eq!("content", val.to_str().unwrap());
+    assert_eq!("\"content\"", format!("{val:?}"));
+
+    let val = const {
+        let mut val = HeaderValue::from_static("secret");
+        val.set_sensitive(true);
+        val
+    };
+    assert_eq!("secret", val.to_str().unwrap());
+    assert_eq!("Sensitive", format!("{val:?}"));
+}