Add security access header to local node requests

[cypt4]

Initial idea is to make Kubo an ability to decide which extensions and sites are able to access it's API.
Since WebRequest API is available in the Brave Browser we need to research if it is possible to add headers which bypass this API.
For example - restore Origin header if it was modified, but only for localnode requests.
cc @lidel

[diracdeltas]

Slack discussion here: https://bravesoftware.slack.com/archives/C8MP8ME4C/p1698695590144259

[lidel]

RPC API.Authorizations will be released in Kubo 0.25, allowing Brave to limit access to specific commands.

It relies on Authorization: Bearer <token> header, so once Brave hides requests to 127.0.0.1:485001 (Kubo RPC port), a token unique to browser extension could be added to lock this down.

There is also follow-up work in ipfs/kubo#10229 to namespace things like MFS and IPNS keys per token, locking it down even further.