Refs #44
File: crates/charon-executor/src/submit.rs, crates/charon-core/src/config.rs
Problem
Bloxroute and blocknative support Authorization: Bearer headers as the preferred secret-passing mechanism. URL-embedded tokens appear in server-side access logs regardless of TLS. The PR forces operators to embed API keys in the URL.
Fix
Add optional ChainConfig.private_rpc_auth: Optionsecrecy::SecretString field. Plumb through Submitter::connect(url, auth, timeout) → attach Authorization header on every JSON-RPC POST. Document expected env var as CHARON_BSC_PRIVATE_RPC_AUTH.
Refs #44
File: crates/charon-executor/src/submit.rs, crates/charon-core/src/config.rs
Problem
Bloxroute and blocknative support Authorization: Bearer headers as the preferred secret-passing mechanism. URL-embedded tokens appear in server-side access logs regardless of TLS. The PR forces operators to embed API keys in the URL.
Fix
Add optional ChainConfig.private_rpc_auth: Optionsecrecy::SecretString field. Plumb through Submitter::connect(url, auth, timeout) → attach Authorization header on every JSON-RPC POST. Document expected env var as CHARON_BSC_PRIVATE_RPC_AUTH.