Sanitize additional client authentication header (#130891)

Removing additional `X-Client-Authentication` header from 
thread context after it's been used.

Author: slobodanadamovic

server/src/main/java/org/elasticsearch/common/util/concurrent/ThreadContext.java

@@ -737,6 +737,7 @@ public void sanitizeHeaders() {
                 entry -> entry.getKey().equalsIgnoreCase("authorization")
                     || entry.getKey().equalsIgnoreCase("es-secondary-authorization")
                     || entry.getKey().equalsIgnoreCase("ES-Client-Authentication")
+                    || entry.getKey().equalsIgnoreCase("X-Client-Authentication")
             );
 
         final ThreadContextStruct newContext = new ThreadContextStruct(

server/src/test/java/org/elasticsearch/common/util/concurrent/ThreadContextTests.java

@@ -1104,7 +1104,8 @@ public void testSanitizeHeaders() {
             final String authorizationHeader = randomCase("authorization");
             final String authorizationHeader2 = randomCase("es-secondary-authorization");
             final String authorizationHeader3 = randomCase("ES-Client-Authentication");
-            Set<String> possibleHeaders = Set.of(authorizationHeader, authorizationHeader2, authorizationHeader3);
+            final String authorizationHeader4 = randomCase("X-Client-Authentication");
+            Set<String> possibleHeaders = Set.of(authorizationHeader, authorizationHeader2, authorizationHeader3, authorizationHeader4);
             Set<String> headers = randomizeHeaders
                 ? randomSet(0, possibleHeaders.size(), () -> randomFrom(possibleHeaders))
                 : possibleHeaders;