Wipe webhook credentials from messages that are passed into the flow

[jhorbulyk]

Currently, if you create a flow where the first component is a webhook component with authentication all received headers are passed to the next step in the flow (in the body). Ideally, the authentication headers should be removed. Ex:

• If authentication type is No Auth -> Nothing to do
• If authentication type is Basic Auth -> Remove Authorization header
• If authentication type is API Key auth -> Remove the specific key from the header
• If authentication type is HMAC -> remove whatever header contains the HMAC value.

[jhorbulyk]

For the sake of backwards compatibility, we may need to add the above functionality toggle-able with a config field.