We install an HTTP middleware that adds the "Authorization" header on
every HTTP request. However, our asset download process might redirect
to a 3rd-party host (Amazon S3) and we want to allow those requests but
not require that they are authenticated.
Furthermore, we need the ability to specify the `Accept` request header
without it being overwritten by middleware, so now middleware only adds
headers that are not present in a request.
This ensures that while having git remotes to point to either
`github.com` or authenticated GHE instances, adding another git remote
pointing to an unrelated host won't change the remote resolution in any
way, even if the unrelated remote is called `upstream` or `github` (and
thus normally took precedence).
