
Add `x-requested-with` header to unbreak recent version of TW

Opened by padenot (3 years ago) · 0 comments

I updated various components on my server, related to tiddlywiki (plugins, TW itself, this wonderful gem, etc.), and it broke, with the exact symptoms explained in #6.

I tracked this down to a CSRF check in TW. Using http.set_debug_output($stdout), the HTTP response from downstream (the TW server) was:

-> "HTTP/1.1 403 'X-Requested-With' header required to login to 'My ~TiddlyWiki'\r\n"

Adding this header repairs the whole thing. I'd have wished for a way to get all the upstream HTTP headers, but it doesn't appear to exist (neither in Sinatra nor in Rack, which mangles the headers and puts them in env with an HTTP_ prefix and some upper-casing, etc.; however, I'm by no means a Ruby person, so I'm happy to be proven wrong). Iterating over the headers, checking that they start with HTTP_ and adding that to the downstream request header would be nicer, but it's unnecessary and ugly.

A similar fix has been done for the delete case for the same reason.

I suppose that an alternative fix would be to disable CSRF checks in TW, as https://tiddlywiki.com/static/WebServer%2520Parameter%253A%2520csrf-disable.html seems to indicate, but conceptually, a proxy should probably pass things through untouched.

padenot · Sep 15 '20 19:09
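The two approaches the PR description weighs (hard-coding the one header TW wants versus walking the Rack env for every HTTP_* key) can be combined in a small helper. The following is an added example, not twproxy's own code: it rebuilds forwardable request headers from a Rack env the way Rack encodes them (HTTP_ prefix, underscores, upper-case; Content-Type and Content-Length unprefixed), drops hop-by-hop headers and Host, and guarantees an X-Requested-With header so the downstream CSRF check passes. The header value `TiddlyWiki` and the `tw_csrf_check` model of the server's 403 are assumptions based on the quoted response, not text from the issue; the sample env is constructed.

```ruby
# Added example, not twproxy's own code: rebuild upstream request headers
# from a Rack env so a Sinatra/Rack proxy can pass them through to the
# downstream TiddlyWiki server, and make sure the CSRF header TW checks for
# is always present. The value "TiddlyWiki" is an assumption about TW's
# server, not something stated in the issue.

# Rack stores request headers in env as "HTTP_" + NAME with dashes replaced
# by underscores and upper-cased; Content-Type and Content-Length are the
# two exceptions (no HTTP_ prefix).
UNPREFIXED_HEADERS = %w[CONTENT_TYPE CONTENT_LENGTH].freeze

# Hop-by-hop headers (RFC 7230, section 6.1) describe the client<->proxy
# connection and must not be forwarded; Host has to name the downstream
# server instead, and HTTP_VERSION is Rack metadata rather than a header.
SKIP_HEADERS = %w[connection keep-alive proxy-authenticate proxy-authorization
                  te trailer transfer-encoding upgrade host version].freeze

# "HTTP_X_REQUESTED_WITH" -> "X-Requested-With"
def env_key_to_header(key)
  key.sub(/\AHTTP_/, '').split('_').map(&:capitalize).join('-')
end

# Returns a Hash of headers for the downstream request. An X-Requested-With
# header supplied by the real client is kept; otherwise csrf_value is added.
def forward_headers(env, csrf_value: 'TiddlyWiki')
  headers = {}
  env.each do |key, value|
    next unless key.is_a?(String)
    next unless key.start_with?('HTTP_') || UNPREFIXED_HEADERS.include?(key)
    name = env_key_to_header(key)
    next if SKIP_HEADERS.include?(name.downcase)
    headers[name] = value
  end
  headers['X-Requested-With'] ||= csrf_value
  headers
end

# Model of the downstream check that produced the 403 quoted in the issue:
# returns [status, reason]. It mirrors the observed behaviour (403 when the
# header is missing), not TW's actual source.
def tw_csrf_check(headers, wiki_name: 'My TiddlyWiki', expected: 'TiddlyWiki')
  value = headers.find { |k, _| k.casecmp?('X-Requested-With') }&.last
  if value == expected
    [200, 'OK']
  else
    [403, "'X-Requested-With' header required to login to '#{wiki_name}'"]
  end
end

# Constructed sample Rack env, as Sinatra would hand it to a route handler.
SAMPLE_ENV = {
  'REQUEST_METHOD'  => 'PUT',
  'PATH_INFO'       => '/recipes/default/tiddlers/HelloThere',
  'HTTP_VERSION'    => 'HTTP/1.1',
  'HTTP_HOST'       => 'proxy.example',
  'HTTP_USER_AGENT' => 'curl/7.68.0',
  'HTTP_COOKIE'     => 'session=abc123',
  'HTTP_CONNECTION' => 'keep-alive',
  'CONTENT_TYPE'    => 'application/json',
  'CONTENT_LENGTH'  => '42'
}.freeze

if $PROGRAM_NAME == __FILE__
  puts "no headers forwarded: #{tw_csrf_check({}).inspect}"
  puts "with proxy fix:       #{tw_csrf_check(forward_headers(SAMPLE_ENV)).inspect}"
  puts forward_headers(SAMPLE_ENV).inspect
end
```

In a Sinatra route the result of `forward_headers(request.env)` would be passed to the Net::HTTP request object for the downstream call; because Host and the hop-by-hop headers are filtered out, the HTTP client sets them correctly for the new connection rather than echoing the client's values.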