
Conversation

@blakestoddard
Contributor

@blakestoddard blakestoddard commented Oct 16, 2020

Image content returned from the initial request will have its Content-Type verified at https://github.com/willnorris/imageproxy/blob/main/imageproxy.go#L243. Prefilling the Accept header with the list of accepted Content-Types has proven troublesome for some of our customers as some web servers have odd behaviors like:

  • returning an error if you provide a list of Content-Types in Accept
  • returning an error if you provide a Content-Type in Accept that the server does not know about (like image, which is not valid normally, but some web servers return content using that Content-Type 🙃)

The addition of Accept-Language is similar -- we've found some servers that will return an error if no Accept-Language header is supplied. Whack-a-mole!

Some customer-proxied files have been hosted on servers that will kick back errors if we a) provide a list of Accept'ed Content-Types, or b) provide a Content-Type in the Accept list that the server does not know about.
Some financial institutions will return an error via text/html if a request is made without an Accept-Language header.
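The behaviour described above, written out as an added example that is not imageproxy's own code: the client sends a single permissive Accept value and an Accept-Language header instead of a list of image types, and the security check moves to the response, where the Content-Type is parsed and matched against an allowlist and the body is sniffed to confirm the header is not lying. The allowlist, the helper names (fetchImage, newPickyOrigin), the 10 MiB body cap and the fake origin's behaviours (rejecting multi-value Accept, failing without Accept-Language, serving an SVG and an HTML page mislabelled as PNG) are assumptions constructed for this example; image/svg+xml is deliberately left out of the allowlist because it can carry script.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedImageTypes is a hypothetical allowlist for this example.
// image/svg+xml is intentionally absent: SVG can embed script and is hard
// to sanitize, so it is rejected rather than proxied.
var allowedImageTypes = map[string]bool{
	"image/jpeg": true,
	"image/png":  true,
	"image/gif":  true,
	"image/webp": true,
}

var ErrUnsupportedContentType = errors.New("unsupported Content-Type")

// fetchImage fetches url with a permissive Accept header and an
// Accept-Language header, then validates the response before returning it.
func fetchImage(client *http.Client, url string) ([]byte, string, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, "", err
	}
	// One wildcard instead of a list of image types: some origins reject
	// multi-value Accept headers or media types they do not recognise.
	req.Header.Set("Accept", "*/*")
	// Some origins return an error page when Accept-Language is missing.
	req.Header.Set("Accept-Language", "en")

	resp, err := client.Do(req)
	if err != nil {
		return nil, "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, "", fmt.Errorf("upstream status %d", resp.StatusCode)
	}
	// Parse the media type so case and parameters (charset=...) cannot be
	// used to slip past a plain string comparison.
	mediaType, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if err != nil || !allowedImageTypes[mediaType] {
		return nil, mediaType, ErrUnsupportedContentType
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 10<<20)) // assumed 10 MiB cap
	if err != nil {
		return nil, "", err
	}
	// The header alone is not trusted: sniff the bytes and require agreement.
	if sniffed := http.DetectContentType(body); sniffed != mediaType {
		return nil, mediaType, fmt.Errorf("%w: header %q but body sniffs as %q",
			ErrUnsupportedContentType, mediaType, sniffed)
	}
	return body, mediaType, nil
}

// pngBytes is a constructed PNG signature plus a few bytes, enough for sniffing.
var pngBytes = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR")

// newPickyOrigin is a constructed origin imitating the server quirks above.
func newPickyOrigin() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.Contains(r.Header.Get("Accept"), ",") {
			http.Error(w, "unsupported Accept", http.StatusNotAcceptable)
			return
		}
		if r.Header.Get("Accept-Language") == "" {
			w.Header().Set("Content-Type", "text/html")
			w.WriteHeader(http.StatusBadRequest)
			io.WriteString(w, "<html>missing Accept-Language</html>")
			return
		}
		switch r.URL.Path {
		case "/logo.png":
			w.Header().Set("Content-Type", "image/png")
			w.Write(pngBytes)
		case "/icon.svg":
			w.Header().Set("Content-Type", "image/svg+xml")
			io.WriteString(w, `<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>`)
		case "/lie.png": // HTML mislabelled as an image
			w.Header().Set("Content-Type", "image/png")
			io.WriteString(w, "<html><script>alert(1)</script></html>")
		default:
			http.NotFound(w, r)
		}
	}))
}

func main() {
	origin := newPickyOrigin()
	defer origin.Close()
	for _, path := range []string{"/logo.png", "/icon.svg", "/lie.png"} {
		body, ct, err := fetchImage(origin.Client(), origin.URL+path)
		fmt.Printf("%s: type=%q bytes=%d err=%v\n", path, ct, len(body), err)
	}
}
```

Only /logo.png is returned; the SVG is refused by the allowlist and the mislabelled HTML is refused by the sniff check, so the proxy's safety no longer depends on what the origin chose to do with the Accept header.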
@codecov

codecov bot commented Oct 16, 2020

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.27%. Comparing base (c08b3c5) to head (6ed3117).
⚠️ Report is 124 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #252   +/-   ##
=======================================
  Coverage   87.27%   87.27%           
=======================================
  Files           6        6           
  Lines         503      503           
=======================================
  Hits          439      439           
  Misses         36       36           
  Partials       28       28           


@blakestoddard
Contributor Author

Whoops, forgot that there was a PR for this branch. I'll pull that last commit into a different branch -- we're just disabling SVG altogether since we can't properly sanitize it and security researchers keep using it to submit reports.
