bug: Authorization header reflected to upstream APIs #60

@dannykopping

The Anthropic Go SDK examines the process's environment and automatically configures some options:

https://github.com/anthropics/anthropic-sdk-go/blob/main/client.go#L26-L41

If the host process on which aibridged is running has the ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY env configured, this will get relayed to Anthropic's API.

In other words, values entirely unrelated to the intercepted request's headers can end up in the intercepted requests being relayed upstream.

```go
// NewClient generates a new client with the default option read from the
// environment (ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN, ANTHROPIC_BASE_URL). The
// option passed in as arguments are applied after these default arguments, and all
// option will be passed down to the services and requests that this client makes.
func NewClient(opts ...option.RequestOption) (r Client) {
	opts = append(DefaultClientOptions(), opts...)

	r = Client{Options: opts}
```
We'll need to override Options in the created Client to remove these options.


The same applies for the OpenAI lib we use.
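The following is an added example, not code from the SDK or from aibridged. It is a simplified model of the "environment defaults first, caller options after" pattern from the issue, showing that a host credential still reaches upstream when the caller sets a different credential header. The `option` type, the helper names and the header names are assumptions, and all values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// option is a hypothetical stand-in for an SDK request option.
type option func(http.Header)

func withHeader(k, v string) option {
	return func(h http.Header) { h.Set(k, v) }
}

// envDefaults models the behaviour in the issue: credentials in the process
// environment become default options (header names are assumptions).
func envDefaults() []option {
	var opts []option
	if v := os.Getenv("ANTHROPIC_API_KEY"); v != "" {
		opts = append(opts, withHeader("X-Api-Key", v))
	}
	if v := os.Getenv("ANTHROPIC_AUTH_TOKEN"); v != "" {
		opts = append(opts, withHeader("Authorization", "Bearer "+v))
	}
	return opts
}

// upstreamHeaders returns the headers relayed upstream. useEnv=true applies
// environment defaults before caller options; useEnv=false starts from an
// empty option list, so only the caller's options are applied.
func upstreamHeaders(useEnv bool, callerOpts ...option) http.Header {
	h := http.Header{}
	var opts []option
	if useEnv {
		opts = envDefaults()
	}
	for _, o := range append(opts, callerOpts...) {
		o(h)
	}
	return h
}

func main() {
	// Constructed values: a host-level token and a key from the intercepted request.
	os.Setenv("ANTHROPIC_AUTH_TOKEN", "host-token-constructed")
	caller := withHeader("X-Api-Key", "request-key-constructed")
	fmt.Println("with env defaults:   ", upstreamHeaders(true, caller))
	fmt.Println("without env defaults:", upstreamHeaders(false, caller))
}
```

Applying caller options last only overrides a default that sets the same header, so a regression test for the fix should assert that no credential header appears upstream unless it came from the intercepted request.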
