fix(rpc): set const ReadHeaderTimeout to dymint RPC server

[mtsitrin]

• setting client timeout to mitigate HTTP based DoS attacks

Close #652

For Author:

• Targeted PR against correct branch
• included the correct type prefix in the PR title
• Linked to Github issue with discussion and accepted design
• Targets only one github issue
• Wrote unit and integration tests
• All CI checks have passed
• Added relevant godoc comments

---

For Reviewer:

• confirmed the correct type prefix in the PR title
• Reviewers assigned
• confirmed all author checklist items have been addressed

---

After reviewer approval:

• In case targets main branch, PR should be squashed and merged.
• In case PR targets a release branch, PR should be rebased.

[mtsitrin]

I've added ReadHeaderTimeout to mitigate network based slow attack (which can happen before the execution of timeouthandler)

[danwt]

timeout: we still want https://pkg.go.dev/net/http#TimeoutHandler and server.ReadTimeout right?

// ReadTimeout is the maximum duration for reading the entire
// request, including the body. A zero or negative value means
// there will be no timeout.
//
// Because ReadTimeout does not let Handlers make per-request
// decisions on each request body's acceptable deadline or
// upload rate, most users will prefer to use
// ReadHeaderTimeout. It is valid to use them both.
ReadTimeout time.Duration

?

[mtsitrin]

AFAICT, we want server with ReadHeaderTimeout defined and http.TimeoutHandler as the handler.

[zale144]

Suggested change

	// ReadHeaderTimeout is the timeout for reading the request headers.
	ReadHeaderTimeout = 5 * time.Second
	// readHeaderTimeout is the timeout for reading the request headers.
	readHeaderTimeout = 5 * time.Second

[zale144]

@danwt I think this is about the timeout for reading headers, to prevent someone from sending a ridiculously large header that would take forever to read. But I am not sure if http.TimeoutHandler would cover that.