Add blacklist headers to protect against DoS attack #1647

Open
@bytehope

Hello, I have tried everything to contact the maintainers, but nobody has answered me, so this is my last try.

  1. Headers are populated into the outgoing request from the incoming one:
    https://github.com/http-party/node-http-proxy/blob/master/lib/http-proxy/common.js#L43

  2. If a Trailer header with any value is then added to the incoming request, that header will be handled by the internal nodejs http lib. For a GET request, processing that header will trigger an unhandled error, ERR_HTTP_TRAILER_INVALID. https://github.com/nodejs/node/blob/38cc53845307fdb81dd50cfb7bcfc8c7b83b947c/lib/_http_outgoing.js#L538

  3. An unhandled error will cause nodejs to shut down.

If any other project uses the node-http-proxy package and just proxies any "user" request, all of them are vulnerable to a DoS attack.
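
One way a project that sits in front of node-http-proxy could guard against the condition reported above, as an added example that is not part of the original issue or of node-http-proxy's code. The function names and the deny list are hypothetical; it assumes the proxy copies `req.headers` into the outgoing request, as step 1 describes, and drops `Trailer` whenever the request is not chunked.

```javascript
'use strict';

// True when a Transfer-Encoding value lists "chunked" as one of its codings.
function isChunked(value) {
  const list = Array.isArray(value) ? value.join(',') : String(value || '');
  return list.split(',').some((t) => t.trim().toLowerCase() === 'chunked');
}

// Returns a filtered copy of `headers` plus the names that were dropped.
// `blocked` is a caller-supplied deny list; matching is case-insensitive.
function sanitizeForwardedHeaders(headers, blocked = []) {
  const deny = new Set(blocked.map((n) => n.toLowerCase()));
  const chunked = Object.keys(headers).some(
    (k) => k.toLowerCase() === 'transfer-encoding' && isChunked(headers[k]));
  const out = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    // Trailer is only meaningful on a chunked message; on any other outgoing
    // request Node's http module throws ERR_HTTP_TRAILER_INVALID.
    if (deny.has(lower) || (lower === 'trailer' && !chunked)) {
      dropped.push(name);
      continue;
    }
    out[name] = value;
  }
  return { headers: out, dropped };
}

// In-place variant for an incoming request object. Call it before handing the
// request to the proxy, e.g. before proxy.web(req, res, { target }).
function scrubRequest(req, blocked = []) {
  const { dropped } = sanitizeForwardedHeaders(req.headers, blocked);
  for (const name of dropped) delete req.headers[name];
  return dropped;
}

// Constructed sample: a GET request carrying the header from the report.
const sample = { method: 'GET', headers: { host: 'app.example', trailer: 'x' } };
console.log(scrubRequest(sample), sample.headers);
```

Logging the returned list of dropped names gives a simple signal for requests that carried a `Trailer` header they had no reason to send.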
