feat(config): make ACCOUNTS_USERINFO_HEADERS customisable (#713)

Allow enabling and disabling the `X-User-ID` and `X-User-Session`
headers that were always set on HTTP responses. These are useful only
for debug purposes, and they are not needed otherwise.

Author: mdonadoni

reana_server/config.py

@@ -150,7 +150,9 @@ def _(x):
 #: and X-User-ID headers to HTTP response. You MUST ensure that NGINX (or other
 #: proxies) removes these headers again before sending the response to the
 #: client. Set to False, in case of doubt.
-ACCOUNTS_USERINFO_HEADERS = True
+ACCOUNTS_USERINFO_HEADERS = bool(
+    strtobool(os.getenv("ACCOUNTS_USERINFO_HEADERS", "False"))
+)
 #: Disable password recovery by users.
 SECURITY_RECOVERABLE = False
 REANA_USER_EMAIL_CONFIRMATION = strtobool(