#2027)

* refact: Eliminate duplication in Request/Response headers via struct embedding

* revert: SetMultipartFormBoundaryBytes

* refact: rename the params of SetProtocol and SetProtocolBytes

* Add warning for deprecated newline separator

* Fix feedback, no context by default, use slog

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.33.0 to 0.34.0.
- [Commits](golang/sys@v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.39.0 to 0.40.0.
- [Commits](golang/crypto@v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.41.0 to 0.42.0.
- [Commits](golang/net@v0.41.0...v0.42.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Optimization:
1. Simplify the Client.Do function, extract the acquisition of HostClient object into a separate function, and simplify the lock code
2. Remove redundant code from the AcquireReader and AcquireWriter functions of HostClient

* fix []byte to string 1 allocs/op

releaseZstdWriter() is never called, so zstdEncoderPool is only used for Get(), never Put().

We can just inline the non Get() path of acquireZstdWriter() and remove releaseZstdWriter().

Also fixed some spelling mistakes.

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.5 to 2.22.7.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](securego/gosec@v2.22.5...v2.22.7)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.22.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bad trailers weren't checked correctly.

Some bad trailers that could cause security issues weren't being
disallowed.

)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.42.0 to 0.43.0.
- [Commits](golang/net@v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This is not relevant anymore since CoarseTimeNow is just time.Now.

RequestHeader.PeekKeys() and ResponseHeader.PeekKeys() were both
implemented wrong. The tests were also wrong causing this to never be
noticed. They both never actually returned all header keys, this has
been fixed now.

While this is a backwards incompatible change, I'm still going to
release it. Anyone using these functions would have noticed they
didn't work as documented and probably would not have continued using
them.

Fixes #2044

When using caching fs shouldn't cause any allocations.

Only do []byte to string conversions when really needed. When a file is
already cached the conversion shouldn't be needed.

Fixes #2045

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This change updates header parsing to match the behavior of net/http more closely.

**Breaking change**: headers delimited by `\n` (instead of `\r\n`) are no longer supported.

Previously, fasthttp accepted `\n` as a delimiter, which is not spec compliant.
This made it difficult to correctly parse headers containing both `\n` and `\r\n`.