fix: defer loading of head.html to allow inclusion of request cookie

[tripodsan]

This fix changes the way how the remote head.html is loaded (the remote head.html version is needed to properly calculating how the local head.html needs to be injected into the html page).
instead of fetching the head.html during startup, it is deferred until the proxy server actually needs it. this is after the browser sent eventual request cookie. this allows that the remote head.html can be fetched also for authenticated sites.

fixes #2274

[github-actions]

This PR will trigger a patch release when merged.

[codecov]

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (2f74d4d) 93.39% compared to head (2b87cbf) 93.43%.
Report is 1 commits behind head on main.

Files	Patch %	Lines
src/server/HelixProject.js	0.00%	1 Missing ⚠️
src/up.cmd.js	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2275      +/-   ##
==========================================
+ Coverage   93.39%   93.43%   +0.03%     
==========================================
  Files          26       26              
  Lines        3574     3594      +20     
  Branches        1        1              
==========================================
+ Hits         3338     3358      +20     
  Misses        236      236              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tripodsan]

🎉 This PR is included in version 16.0.7 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀