@mccutchen
Owner

So it turns out that the fix for GHSA-528q-4pgm-wvg2 in 0decfd1 made an unintentionally breaking change, by HTML-escaping the body of the /response-headers response when no explicit Content-Type is specified in the incoming request. We do not need to escape by default, because the response will be returned as JSON by default.

This was uncovered by @alxndrsn in #207, a separate issue with the /response-headers endpoint.
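
An illustration of the behavior described in the comment above, added here and not taken from go-httpbin's code: reflected query values are HTML-escaped only when the request asks for a Content-Type other than JSON, and are left untouched for the JSON default. The function names, the choice of `application/json` as the only safe type, and the sample queries are assumptions made for this example.

```go
package main

import (
	"fmt"
	"html"
	"mime"
	"net/url"
)

// needsEscaping reports whether reflected values must be HTML-escaped.
// No Content-Type parameter means the JSON default, which needs none.
// Treating only application/json as safe is this example's assumption.
func needsEscaping(q url.Values) bool {
	ct := q.Get("Content-Type")
	if ct == "" {
		return false
	}
	mediaType, _, err := mime.ParseMediaType(ct)
	if err != nil {
		return true // unparseable type: assume a browser might render it
	}
	return mediaType != "application/json"
}

// reflectedValues returns the query parameters as they would appear in the
// response body, escaped only when the requested Content-Type calls for it.
func reflectedValues(rawQuery string) (map[string][]string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, err
	}
	escape := needsEscaping(q)
	out := make(map[string][]string, len(q))
	for name, values := range q {
		for _, v := range values {
			if escape {
				v = html.EscapeString(v)
			}
			out[name] = append(out[name], v)
		}
	}
	return out, nil
}

func main() {
	// Constructed sample queries, not taken from the project's tests.
	for _, raw := range []string{"X-Note=a+%3C+b", "Content-Type=text/html&X-Note=a+%3C+b"} {
		vals, err := reflectedValues(raw)
		fmt.Println(vals["X-Note"], err)
	}
}
```

The first query exercises the case this pull request restores: with no Content-Type parameter the value comes back as `a < b` rather than `a &lt; b`.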

@codecov

codecov bot commented Apr 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.50%. Comparing base (0decfd1) to head (3a65543).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #208   +/-   ##
=======================================
  Coverage   94.50%   94.50%           
=======================================
  Files          10       10           
  Lines        2237     2239    +2     
=======================================
+ Hits         2114     2116    +2     
  Misses         86       86           
  Partials       37       37           
Files with missing lines Coverage Δ
httpbin/handlers.go 99.16% <100.00%> (+<0.01%) ⬆️

@mccutchen mccutchen merged commit 1379030 into main Apr 4, 2025
7 checks passed
@mccutchen mccutchen deleted the response-headers-default-escaping branch April 4, 2025 11:16