pluto: handle auth info in https_proxy

[etungsten]

Issue number:
Resolves #3525

Description of changes:

    pluto: handle auth info in https_proxy
    
    Need to parse out auth info in `https_proxy` and set to proxy header.

Testing done:
Unit tests pass.

Set up my own tiny proxy host and launched new Bottlerocket host with the following settings:

[settings.network]
https-proxy = "http://user:pass@my_proxy:9898"

The boot succeeds, pluto successfully fetches instance information through AWS EC2 API.
In cloudtrail, i can see the source of the DescribeInstance event as being my proxy:

{
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": ".....i-0d2d921de0b0a9aad",
        "arn": "..../i-0d2d921de0b0a9aad",
...
    "eventTime": "2023-12-05T23:51:56Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "DescribeInstances",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "<my_proxy_url>",
    "userAgent": "aws-sdk-rust/0.55.3 os/linux lang/rust/1.73.0",

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[etungsten]

Push above addresses @bcressey's comments.

Retested, same behavior as observed in cloudtrail:

    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "...:i-03de3baa30b4d01f0",
        "arn": "...i-03de3baa30b4d01f0",
...
        }
    },
    "eventSource": "ec2.amazonaws.com",
    "eventName": "DescribeInstances",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "my_proxy",
    "userAgent": "aws-sdk-rust/0.55.3 os/linux lang/rust/1.73.0",

[yeazelm]

LGTM!

[cbgbt]

I haven't done much with Proxy-Authorization but my read of the header documentation and my understanding of URL username/password encoding makes me think that it's valid to provide a passphrase without a username.

Should we be inserting the header if a password is given without a username?

[etungsten]

I believe so. Good catch

[etungsten]

Push above addresses @cbgbt 's comment

[bcressey]

Why do we need to set the authorization headers in the _ (specifically, None) case where connections aren't going through the proxy?

[etungsten]

This was lifted from hyper_proxy source and it's not super clear to me either. In any case, we shouldn't be reaching this path since we're only proxying HTTPS traffic.

[etungsten]

After some digging, we've determined that the Auth header here will never get sent if the proxy doesn't "match" with the destination URL. We'll go ahead and simplify this logic here so it only contains the case we care about, i.e. proxying HTTPS traffic.