fix: 修复 User-Agent 暴露问题并实现安全的 header 转发

- 移除硬编码的 'claude-relay-service/1.0.0' User-Agent，防止代理身份暴露
- 添加 _filterClientHeaders 方法过滤敏感请求头
- 实现完整的客户端 header 转发功能
- 默认 User-Agent 设置为 'claude-cli/1.0.53 (external, cli)'
- 过滤 x-api-key, authorization, host 等敏感 headers
- 更新所有 _makeClaudeRequest 方法支持 clientHeaders 参数
- 修改 API 路由传递 req.headers 到服务层

安全改进：
- 防止代理服务身份暴露
- 提升请求透明性和安全性
- 保持客户端原始请求特征

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/routes/api.js

@@ -50,7 +50,7 @@ router.post('/v1/messages', authenticateApiKey, async (req, res) => {
       let usageDataCaptured = false;
       
       // 使用自定义流处理器来捕获usage数据
-      await claudeRelayService.relayStreamRequestWithUsageCapture(req.body, req.apiKey, res, (usageData) => {
+      await claudeRelayService.relayStreamRequestWithUsageCapture(req.body, req.apiKey, res, req.headers, (usageData) => {
         // 回调函数：当检测到完整usage数据时记录真实token使用量
         logger.info('🎯 Usage callback triggered with complete data:', JSON.stringify(usageData, null, 2));
         
@@ -86,7 +86,7 @@ router.post('/v1/messages', authenticateApiKey, async (req, res) => {
         apiKeyName: req.apiKey.name
       });
       
-      const response = await claudeRelayService.relayRequest(req.body, req.apiKey, req, res);
+      const response = await claudeRelayService.relayRequest(req.body, req.apiKey, req, res, req.headers);
       
       logger.info('📡 Claude API response received', {
         statusCode: response.statusCode,