feat: forward X-BitGo-OTP header from client requests to BitGo API #8493

Merged: sandra-wang-bitgo merged 1 commit into master from claude/review-header-whitelist-JB0UY on Apr 14, 2026

sandra-wang-bitgo (Contributor) commented Apr 13, 2026

Description

This change adds support for forwarding the X-BitGo-OTP header from incoming client requests to the BitGo API. This enables clients to pass OTP (One-Time Password) credentials through the Express proxy to the backend BitGo service.

The implementation introduces a configurable FORWARDED_HEADERS list that specifies which headers should be forwarded from incoming requests to the BitGo API. Currently, only x-bitgo-otp is included, but the design allows for easy addition of other headers in the future.

Changes Made:

  • Added FORWARDED_HEADERS constant to define which headers should be forwarded
  • Updated redirectRequest() function to iterate through forwarded headers and set them on outgoing requests
  • Added proper handling for both string and array header values (Express can normalize headers to arrays)
  • Added unit tests to verify the header is forwarded when present and not forwarded when absent

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

Added two new unit tests in modules/express/test/unit/clientRoutes/index.ts:

  1. should forward X-BitGo-OTP header when present - Verifies the header is correctly forwarded to the BitGo API when included in the incoming request
  2. should not forward X-BitGo-OTP header when not present - Verifies the code handles the absence of the header gracefully

Both tests verify the behavior through stubbed responses and assertion on the set() method calls.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my feature works
  • New and existing unit tests pass locally with my changes

TICKET: CUS-80

sandra-wang-bitgo requested review from a team as code owners April 13, 2026 16:03
sandra-wang-bitgo marked this pull request as draft April 13, 2026 16:10
sandra-wang-bitgo changed the title from "Forward X-BitGo-OTP header from client requests to BitGo API" to "feat: forward X-BitGo-OTP header from client requests to BitGo API" Apr 13, 2026
sandra-wang-bitgo force-pushed the claude/review-header-whitelist-JB0UY branch 3 times, most recently from e2d43b5 to 2a48eb4 April 13, 2026 17:11
The redirectRequest function was not forwarding any client headers to
the BitGo API, which meant the X-BitGo-OTP header (used for 2FA) was
being silently dropped. Add a FORWARDED_HEADERS whitelist and forward
matching headers from incoming requests.

Ticket: CS-7494
sandra-wang-bitgo force-pushed the claude/review-header-whitelist-JB0UY branch 2 times, most recently from 293d340 to 7b1ab98 April 13, 2026 17:16
sandra-wang-bitgo marked this pull request as ready for review April 13, 2026 17:33
sandra-wang-bitgo merged commit 531d4f6 into master Apr 14, 2026
21 checks passed
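
Added example, not code from this pull request or from BitGoJS: a header allowlist of the kind the description and commit message describe, where only names in `FORWARDED_HEADERS` are copied to the outgoing request and both string and array values are handled. The helpers `selectForwardedHeaders`, `applyForwardedHeaders` and `makeRecordingRequest` and the sample headers are hypothetical; joining array values with a comma and dropping values that contain CR/LF are assumptions, not behaviour stated on the page.

```javascript
// Added illustration; not the BitGoJS implementation.
// Names are compared in lower case because Node lower-cases incoming header names.
const FORWARDED_HEADERS = ['x-bitgo-otp'];

// Hypothetical helper: return only the allowlisted headers from an incoming header map.
function selectForwardedHeaders(incomingHeaders) {
  const selected = {};
  for (const [rawName, rawValue] of Object.entries(incomingHeaders || {})) {
    const name = rawName.toLowerCase();
    if (!FORWARDED_HEADERS.includes(name)) continue; // everything else stays behind
    // Assumption: a repeated header (array value) is collapsed to one comma-separated string.
    const value = Array.isArray(rawValue) ? rawValue.join(', ') : rawValue;
    if (typeof value !== 'string' || value.length === 0) continue;
    // Assumption: values carrying CR or LF are dropped rather than forwarded.
    if (/[\r\n]/.test(value)) continue;
    selected[name] = value;
  }
  return selected;
}

// Hypothetical helper: copy the selected headers onto an outgoing request
// object that exposes set(name, value).
function applyForwardedHeaders(incomingHeaders, outgoing) {
  for (const [name, value] of Object.entries(selectForwardedHeaders(incomingHeaders))) {
    outgoing.set(name, value);
  }
  return outgoing;
}

// Constructed stand-in for an outgoing request; it records every set() call.
function makeRecordingRequest() {
  const calls = [];
  return { calls, set(name, value) { calls.push([name, value]); return this; } };
}

// Constructed sample input: one allowlisted header among headers that must not be proxied.
const sampleIncoming = {
  'x-bitgo-otp': '000000',
  authorization: 'Bearer constructed-token',
  cookie: 'session=constructed',
  'x-forwarded-for': '203.0.113.7',
};
const demo = applyForwardedHeaders(sampleIncoming, makeRecordingRequest());
console.log(demo.calls);
```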