
Feature: fix a number of redirect handling issues

Open — rexxars opened this issue 2 years ago • 1 comment

When requesting an eventsource endpoint and defining custom, sensitive headers, such as Authorization and Cookie, these headers should not be forwarded when redirecting to a different origin than the original.

While looking into fixing this, I discovered that the current redirect handling also does not support relative URLs in the Location header (e.g. Location: /some/other/path), nor does it set any limit on the maximum number of redirects. Instead of attempting to patch all these shortcomings, I feel we are better suited by utilizing the follow-redirects module, which handles all of these cases and is widely used.

rexxars avatar May 10 '22 10:05 rexxars

We should however release this as a major update since webpack configs may need to be updated.

I don't think there should be any config changes necessary, but given I am not 100% sure, I agree with your point. Given this is patching a security issue, I really want to get a patch release out to ensure people don't have to upgrade to a new major to be covered. I have opened #273 to address only the headers issue, leaving this one as a general redirect handling PR.

Would you mind reviewing that one, @joeybaker ?

rexxars avatar May 11 '22 10:05 rexxars