
dfget may leak credentials (via --header flag) when called by dfdaemon

Open jayme-github opened this issue 4 years ago • 0 comments

Ⅰ. Issue Description

We use dfdaemon as HTTPS_PROXY for our in-house docker registry, and some namespaces of said registry do need authentication. When dfdaemon calls dfget for processing, it passes the HTTP headers, including Authorization:, from dockerd to dfget, which leaks them to users able to read the process list.

Ⅲ. Describe what you expected to happen

dfget could rewrite all/certain command line flags (like curl does) or use/support a different method for reading the headers (maybe by reading from file).

Ⅳ. How to reproduce it (as minimally and precisely as possible)

  1. Set up dfdaemon as described in https://github.com/dragonflyoss/Dragonfly/blob/master/docs/user_guide/proxy.md
  2. Configure docker to use authentication: https://docs.docker.com/engine/reference/commandline/login/
  3. Pull an image

Ⅵ. Environment:

  • dragonfly version: v1.0.6
  • OS (e.g. from /etc/os-release): Debian 9
  • Kernel (e.g. uname -a): 4.19.0-0.bpo.14-amd64
  • Install tools: docker 18.06.3

I'm happy to contribute code to fix this, but wanted to open a discussion about whether/which solution might be accepted upstream first.

jayme-github avatar Aug 09 '21 17:08 jayme-github
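The leak the issue describes, and the "read the headers from a file" alternative it proposes, as an added Go example. This is illustrative code written for this page, not Dragonfly's dfdaemon or dfget implementation: the `--header-file` flag, the header file format (one `Name: value` per line) and the list of credential-bearing header names are assumptions made here. `LeakyArgs` builds the argv pattern the issue complains about, `LeaksCredential` is the check any reader of `/proc/<pid>/cmdline` or `ps` could effectively perform, and `SafeArgs`/`ReadHeaderFile` show the parent writing credentials to a 0600 file and the child consuming and unlinking it, so only non-sensitive headers remain on the command line.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Header names whose values are credentials and must stay off argv.
// Constructed list for this example; it is not taken from Dragonfly's code.
var sensitiveHeaders = map[string]bool{
	"authorization":       true,
	"proxy-authorization": true,
	"cookie":              true,
}

// isSensitive reports whether a "Name: value" header carries a credential.
func isSensitive(header string) bool {
	name, _, ok := strings.Cut(header, ":")
	if !ok {
		return false
	}
	return sensitiveHeaders[strings.ToLower(strings.TrimSpace(name))]
}

// LeakyArgs reproduces the pattern from the issue: every header forwarded by
// the proxy becomes a "--header" argument, credentials included.
func LeakyArgs(headers []string) []string {
	args := []string{"dfget"}
	for _, h := range headers {
		args = append(args, "--header", h)
	}
	return args
}

// LeaksCredential is the check: does this argv expose a sensitive header to
// anyone who can read the process list?
func LeaksCredential(args []string) bool {
	for _, a := range args {
		if isSensitive(a) {
			return true
		}
	}
	return false
}

// WriteHeaderFile stores headers, one per line, in a file only the current
// user can read (os.CreateTemp creates it with mode 0600).
func WriteHeaderFile(dir string, headers []string) (string, error) {
	f, err := os.CreateTemp(dir, "dfget-headers-*")
	if err != nil {
		return "", err
	}
	defer f.Close()
	if _, err := f.WriteString(strings.Join(headers, "\n") + "\n"); err != nil {
		return "", err
	}
	return f.Name(), nil
}

// SafeArgs keeps harmless headers on argv and moves credential headers into a
// file referenced via a hypothetical --header-file flag (an assumption of this
// example, not an existing dfget option).
func SafeArgs(dir string, headers []string) ([]string, error) {
	args := []string{"dfget"}
	var secret []string
	for _, h := range headers {
		if isSensitive(h) {
			secret = append(secret, h)
			continue
		}
		args = append(args, "--header", h)
	}
	if len(secret) > 0 {
		path, err := WriteHeaderFile(dir, secret)
		if err != nil {
			return nil, err
		}
		args = append(args, "--header-file", path)
	}
	return args, nil
}

// ReadHeaderFile is the child side: load the headers, then unlink the file so
// the credentials do not outlive the request.
func ReadHeaderFile(path string) ([]string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	_ = os.Remove(path)
	var headers []string
	for _, line := range strings.Split(string(data), "\n") {
		if line = strings.TrimSpace(line); line != "" {
			headers = append(headers, line)
		}
	}
	return headers, nil
}

func main() {
	// Constructed sample of what dockerd sends through the proxy for an
	// authenticated registry namespace (token value is made up).
	headers := []string{
		"Authorization: Bearer constructed-registry-token",
		"Accept: application/vnd.docker.distribution.manifest.v2+json",
	}
	fmt.Println("leaky argv exposes credential:", LeaksCredential(LeakyArgs(headers)))
	safe, err := SafeArgs(os.TempDir(), headers)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe argv exposes credential:", LeaksCredential(safe))
	fmt.Println("safe argv:", strings.Join(safe, " "))
	got, err := ReadHeaderFile(safe[len(safe)-1])
	if err != nil {
		panic(err)
	}
	fmt.Println("child recovered headers:", got)
}
```

The file approach closes the process-list channel, but the parent must still create the file with restrictive permissions, the child must delete it promptly, and the file should live on a filesystem that other users cannot read (a tmpfs private to the daemon is a reasonable choice); otherwise the leak moves from `ps` to `ls`.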