Add X-Takahe-User and X-Takahe-User-Identity headers to response, when available, to allow for better Nginx log enrichment.
Also drop these headers in Nginx so they aren't sent into the world. They probably aren't dangerous since they identfy the users _to themselves_ but strip it for now, just in case.