Make sure we do not expose secrets in output

This is using the RFC-8959 URI scheme to detect secrets. Thanks
hackernews for the idea ;)

e2e_tests/docker-rest/flask/gitlab.py

@@ -12,7 +12,7 @@ def check_headers():
         app.logger.error("Invalid accept header")
         abort(500)
     auth_header = request.headers.get("authorization")
-    if auth_header != "bearer authtoken":
+    if auth_header != "bearer secret-token:myauthtoken":
         app.logger.error("Invalid authorization header: %s", auth_header)
         abort(
             make_response(