feat: add annotation to allow to add custom response headers (#9742)

* add custom headers

Signed-off-by: Christian Groschupp <christian@groschupp.org>

* add tests

Signed-off-by: Christian Groschupp <christian@groschupp.org>

* add docs

* update copyright

* change comments

* add e2e test customheaders

* add custom headers validation

* remove escapeLiteralDollar filter

* validate value in custom headers

* add regex for header value

* fix annotation test

* Revert "remove escapeLiteralDollar filter"

This reverts commit ab48392b60dee4ce146a4c17e046849f9633c7fb.

* add annotationConfig

* fix test

* fix golangci-lint findings

* fix: add missung exp module

---------

Signed-off-by: Christian Groschupp <christian@groschupp.org>

docs/user-guide/nginx-configuration/configmap.md

@@ -209,6 +209,7 @@ The following table shows a configuration option's name, type, and the default v
 |[syslog-host](#syslog-host)| string       | ""                                                                                                                                                                                                                                                                                                                                                           ||
 |[syslog-port](#syslog-port)| int          | 514                                                                                                                                                                                                                                                                                                                                                          ||
 |[no-tls-redirect-locations](#no-tls-redirect-locations)| string       | "/.well-known/acme-challenge"                                                                                                                                                                                                                                                                                                                                ||
+|[global-allowed-response-headers](#global-allowed-response-headers)|string|""||
 |[global-auth-url](#global-auth-url)| string       | ""                                                                                                                                                                                                                                                                                                                                                           ||
 |[global-auth-method](#global-auth-method)| string       | ""                                                                                                                                                                                                                                                                                                                                                           ||
 |[global-auth-signin](#global-auth-signin)| string       | ""                                                                                                                                                                                                                                                                                                                                                           ||
@@ -1285,6 +1286,10 @@ Sets the port of syslog server. _**default:**_ 514
 A comma-separated list of locations on which http requests will never get redirected to their https counterpart.
 _**default:**_ "/.well-known/acme-challenge"
 
+## global-allowed-response-headers
+
+A comma-separated list of allowed response headers inside the [custom headers annotations](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-headers)
+
 ## global-auth-url
 
 A url to an existing service that provides authentication for all the locations.