[FormRecognizer] Whitelist redacted headers for logging

[kinelski]

Fixes #11660.

Headers descriptions, grabbed from the internet and from internal sources:

• x-envoy-upstream-service-time: contains the time in milliseconds spent by the upstream host processing the request.
• apim-request-id: GUID request Id generated from APIM side.
• Strict-Transport-Security: lets a web site tell user agents that it should only be accessed using HTTPS, instead of using HTTP.
• X-Content-Type-Options: a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed.

Location and Operation-Location headers expose the endpoint, which means resource names are exposed as well. Resource names are not considered PII and are safe to log.

EDIT: PR for adding query parameters here.