be able to setup headers for url requests

[maxandersen]

seeing #1943 which fixes access to private github repos using headers on specfic named sites (github.com, githubusercontent.com, etc.) it probably would make sense we somehow enable to configure bearer token or even general headers for requests.

for maven repos we listen to ~/.m2/settings.xml if present (https://stackoverflow.com/questions/77809885/how-to-use-bearer-authorization-token-in-maven-settings-xml) but not everything is a maven repo url in jbang - so maybe expand what trusted-sources.json does to include header definitions. Though it would need a new file/pattern to not break existing jbang versions.