Allow passing customer headers from the CLI

[jeremyoverman]

Feature description

The Infisical CLI should support sending custom HTTP headers with requests, such as Cf-Access-Client-Id and Cf-Access-Client-Secret, to facilitate authentication when the Infisical server is protected by a reverse proxy or Cloudflare Access.

Why would it be useful?

This feature would allow users to seamlessly integrate the Infisical CLI with security solutions like Cloudflare Access, which require custom headers for authentication. It would enable users to interact with their Infisical instance in environments where external authentication layers are in place, without needing to bypass or weaken security measures. This would improve compatibility and enhance usability for users with advanced networking setups.

Additional context

Currently, when the Infisical server is protected by Cloudflare Access, the CLI cannot pass the required authentication headers (Cf-Access-Client-Id and Cf-Access-Client-Secret) to gain access. This limitation forces users to use workarounds such as bypass policies, which may not align with their security requirements. Supporting custom headers would provide a more secure and flexible solution.

[akhilmhdh]

Very interesting! Need to explore more about this and the recommended way other CLI execute it.

[nayyara-airlangga]

We can use Vault's CLI as an example. They support this in two ways in which we can try to do:

1. Using multiple --header flags in the format of headername:headervalue to specify the custom headers. Link to PR
2. Using an environment variable such as INFISICAL_CUSTOM_HEADERS and specify the headers as INFISICAL_CUSTOM_HEADERS=headername1:headervalue1 headername2:headervalue2 where the headers are separated by spaces. Link to PR

I think the first approach might be good to prioritize. I'd be interested to pick this one up if you don't mind @akhilmhdh