
Validate outgoing request methods #85

@njsmith


Twisted recently did a CVE fix for CRLF injection in methods and request targets: https://twistedmatrix.com/trac/ticket/9647

We already validate request targets and headers to prevent this kind of nonsense, but AFAICT we don't actually validate request methods.

It seems very unlikely that most people are allowing attacker-controlled input into their HTTP methods. Methods are hard-coded like 99.999% of the time. But given that we're already validating everything else, we might as well validate this too just to make sure.
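
One way to do the check this issue asks for, as an added example that is not part of the original issue or the project's own code: validate the method against the RFC 7230 `token` grammar before writing the request line. The names `InvalidRequestLine`, `is_valid_method` and `build_request_line` are hypothetical, the request-target check is deliberately simplified, and the sample inputs are constructed.

```python
import re

# RFC 7230 section 3.2.6: method = token = 1*tchar
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Simplified target check for this sketch: visible ASCII only, so no
# spaces, CR, LF or other control characters can reach the wire.
_TARGET = re.compile(rb"[\x21-\x7e]+")


class InvalidRequestLine(ValueError):
    """Raised before any bytes are written to the connection."""


def _validated(pattern, value, what):
    if isinstance(value, str):
        try:
            value = value.encode("ascii")
        except UnicodeEncodeError:
            raise InvalidRequestLine(f"non-ASCII {what}: {value!r}") from None
    # fullmatch, not match() with a trailing "$": "$" also matches just
    # before a final "\n", which would let b"GET\n" through.
    if not pattern.fullmatch(value):
        raise InvalidRequestLine(f"illegal {what}: {value!r}")
    return value


def is_valid_method(method):
    try:
        _validated(_TOKEN, method, "method")
    except InvalidRequestLine:
        return False
    return True


def build_request_line(method, target):
    """Serialize an HTTP/1.1 request line, refusing malformed parts."""
    m = _validated(_TOKEN, method, "method")
    t = _validated(_TARGET, target, "request target")
    return m + b" " + t + b" HTTP/1.1\r\n"


if __name__ == "__main__":
    # Constructed inputs: two legal methods, then values a token check must refuse.
    for candidate in ["GET", "M-SEARCH", "GET\n", "GET /x", "GET\r\nX-Extra: 1", ""]:
        print(repr(candidate), is_valid_method(candidate))
```
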
