osbuild-composer: Set ReadHeaderTimeout to 5s

This satisfies the linter complaint about potential Slowloris attack
where headers are read slowly in an attempt to DoS the server.

The uses of ListenAndServe are only for testing purposes and are not run
in the production server so ignore the lint errors in
osbuild-mock-openid-provider.

cmd/osbuild-composer/composer.go

@@ -220,8 +220,9 @@ func (c *Composer) Start() error {
 
 	if c.localWorkerListener != nil {
 		localWorkerAPI = &http.Server{
-			ErrorLog: c.logger,
-			Handler:  c.workers.Handler(),
+			ErrorLog:          c.logger,
+			Handler:           c.workers.Handler(),
+			ReadHeaderTimeout: 5 * time.Second,
 		}
 
 		go func() {
@@ -251,8 +252,9 @@ func (c *Composer) Start() error {
 			}
 		}
 		remoteWorkerAPI = &http.Server{
-			ErrorLog: c.logger,
-			Handler:  handler,
+			ErrorLog:          c.logger,
+			Handler:           handler,
+			ReadHeaderTimeout: 5 * time.Second,
 		}
 
 		go func() {
@@ -296,8 +298,9 @@ func (c *Composer) Start() error {
 		}
 
 		composerAPI = &http.Server{
-			ErrorLog: c.logger,
-			Handler:  handler,
+			ErrorLog:          c.logger,
+			Handler:           handler,
+			ReadHeaderTimeout: 5 * time.Second,
 		}
 
 		go func() {

cmd/osbuild-mock-openid-provider/main.go

@@ -149,6 +149,7 @@ func main() {
 		w.Header().Set("Content-Type", "application/json")
 	})
 
+	//nolint:gosec
 	if tlsCert != "" && tlsKey != "" {
 		log.Fatal(http.ListenAndServeTLS(addr, tlsCert, tlsKey, mux))
 	} else {

internal/weldr/api.go

@@ -276,7 +276,10 @@ func setupRouter(api *API) *API {
 }
 
 func (api *API) Serve(listener net.Listener) error {
-	api.server = http.Server{Handler: api}
+	api.server = http.Server{
+		Handler:           api,
+		ReadHeaderTimeout: 5 * time.Second,
+	}
 
 	err := api.server.Serve(listener)
 	if err != nil && err != http.ErrServerClosed {