chore: redact api-key headers in debug logs

Author: stainless-app[bot]

orb-java-core/src/main/kotlin/com/withorb/api/core/http/LoggingHttpClient.kt

@@ -31,7 +31,7 @@ private constructor(
     /**
      * Sensitive headers to redact from logs.
      *
-     * Defaults to `Set.of("Authorization")`.
+     * Defaults to `Set.of("authorization", "api-key", "x-api-key", "cookie", "set-cookie")`.
      */
     @get:JvmName("redactedHeaders") val redactedHeaders: SortedSet<String>,
     /**
@@ -192,7 +192,8 @@ private constructor(
     class Builder internal constructor() {
 
         private var httpClient: HttpClient? = null
-        private var redactedHeaders: Set<String> = setOf("Authorization")
+        private var redactedHeaders: Set<String> =
+            setOf("authorization", "api-key", "x-api-key", "cookie", "set-cookie")
         private var clock: Clock = Clock.systemUTC()
         private var level: LogLevel? = null
 
@@ -210,7 +211,7 @@ private constructor(
         /**
          * Sensitive headers to redact from logs.
          *
-         * Defaults to `Set.of("Authorization")`.
+         * Defaults to `Set.of("authorization", "api-key", "x-api-key", "cookie", "set-cookie")`.
          */
         fun redactedHeaders(redactedHeaders: Set<String>) = apply {
             this.redactedHeaders = redactedHeaders

orb-java-core/src/test/kotlin/com/withorb/api/core/http/LoggingHttpClientTest.kt

@@ -870,7 +870,8 @@ internal class LoggingHttpClientTest {
         httpClient: HttpClient,
         level: LogLevel,
         clock: Clock = clockFrom(Instant.parse("1998-04-21T00:00:00Z")),
-        redactedHeaders: Set<String> = setOf("Authorization"),
+        redactedHeaders: Set<String> =
+            setOf("authorization", "api-key", "x-api-key", "cookie", "set-cookie"),
     ): LoggingHttpClient =
         LoggingHttpClient.builder()
             .httpClient(httpClient)