fix: suppress Go transport headers in raw browser curl

[rgarcia]

Summary

• prevent Go's implicit User-Agent: Go-http-client/1.1 from reaching /curl/raw when callers did not explicitly set a user agent
• disable Go transport compression on the raw-curl leg so implicit Accept-Encoding: gzip is not forwarded into Chromium
• preserve explicit caller-provided User-Agent and Accept-Encoding headers

Test plan

• go test ./lib/browserrouting ./...

Made with Cursor

---

Note

Low Risk
Small, localized change to HTTP transport/header behavior with targeted tests; main risk is subtle header/encoding behavior differences for callers relying on Go defaults.

Overview
Raw /curl/raw browser-egress requests no longer leak Go client defaults: NewHTTPClient now clones *http.Transport with compression disabled (avoiding implicit Accept-Encoding: gzip), and RoundTrip explicitly suppresses Go’s default User-Agent when the caller didn’t set one.

Adds tests verifying that implicit User-Agent/Accept-Encoding are removed while explicitly provided values are preserved.

^{Reviewed by Cursor Bugbot for commit 401aa38. Bugbot is set up for automated code reviews on this repo. Configure here.}

[firetiger-agent]

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

Any PR that changes the kernel API. Monitor changes to API endpoints (packages/api/cmd/api/) and Temporal workflows (packages/api/lib/temporal) in the kernel repo

Reason: Changes appear to be in browser routing/curl handling, not in API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal) as specified in the filter.

To monitor this PR anyway, reply with @firetiger monitor this.