forward cache-status header in images middleware

[Roshan-Pawar]

Closes # 7962

Fix: Forward Cache-Status header in images middleware

The images middleware maintains an explicit allowlist of response headers forwarded from the backend.
The Cache-Status header (RFC 9211) was missing from this list, causing it to be stripped from responses.

[mister-roboto]

@Roshan-Pawar you need to sign the Plone Contributor Agreement to merge this pull request.

Learn about the Plone Contributor Agreement: https://plone.org/foundation/contributors-agreement

If you have already signed the agreement, please allow a week for your agreement to be processed.
Once it is processed, you will receive an email invitation to join the plone GitHub organization as a Contributor.

If after a week you have not received an invitation, then please contact agreements@plone.org.

[boring-cyborg]

Caution

The Volto Team has suspended its review of new pull requests from first-time contributors until the release of Plone 7, which is preliminarily scheduled for the second quarter of 2026.
Read details.

Thanks for submitting your first pull request! You are awesome! 🤗

If you haven't done so already, read
Plone's Code of Conduct,
Contributing to Plone,
First-time contributors, and
Contributing to Volto,
as this will greatly help the review process.

Welcome to the Plone community! 🎉

[davisagli]

From what I see in https://httpwg.org/specs/rfc9211.html#security, leaving out the Cache-Status header might be better from a security perspective.

[wesleybl]

@davisagli I think the responsibility for sending or not sending the header lies with the Cache Server or the Web Server. This shouldn't be Volto's responsibility. It's frustrating when the Cache Server sends the header and Volto doesn't forward it. It makes debugging the cache more difficult.