This can help debug misconfigurations, where it's useful to know whether a 404 response is due to a configuration issue in some upstream proxy (load balancer, gateway, etc) or due to an actual bad request to go-httpbin.

A few small improvements to the test suite:
- Ensure `/stream` and `/stream-bytes` endpoints actually use
`Transfer-Encoding: chunked`, instead of inferring/hoping based on
Content-Length header
- Explicitly test that `/drip` actually does sleep between writing
bytes, rather than inferring that it does based on entire response
duration

Make the error message when a forbidden destination is given to
`/redirect-to`, to help users better understand what allowed usage looks
like. Motivated by #103.

Before: 

```
$ curl http://localhost:8080/redirect-to?url=https://google.com
Forbidden redirect URL. Be careful with this link.
```

After:

```
$ curl http://localhost:8080/redirect-to?url=https://google.com
Forbidden redirect URL. Please be careful with this link.

Allowed redirect destinations:
- example.com
- example.org
```

This is a very small improvement to developer ergonomics.

The `/redirect-to` endpoint currently acts as an open redirect, which is
bad for any go-httpbin instance exposed to the public internet.

This allows configuring an allowlist of domains to which traffic can be
redirected.

Instead of serializing JSON to a temporary slice of bytes before writing
to the response, instead write directly to the response.

Also, pretty-print JSON responses for better readability (and to match
httpbin).

Note: With this change, we rely much more on the underlying net/http
server's implicit handling of the Content-Length header. One notable
side effect of this is that responses to HEAD requests no longer include
a Content-Length.

- Handle bodies for GET requests to the /anything endpoint
- Do not encode HTML tags in serialized JSON

We were not explicitly testing the behavior of some HTTP verb endpoints
like /put and /patch, because they currently share an underlying handler
with /post which is thoroughly tested.

The addition of the /anything endpoint in #83 made me realize a bit more
explicit test coverage would be good, so here we're landing a bit of a
refactoring of the test suite to generate tests for all of those
endpoints.

Along the way, we also improve compatibility with the original httpbin
implementation by tricking the stdlib net/http machinery into parsing
request bodies for DELETE requests.

This adds a new /hostname endpoint as originally proposed in #66. In
this implementation, it exposes a dummy hostname by default, and only
exposes the real hostname (via `os.Hostname()`) if the
`-use-real-hostname` flag is given on the command line.

* Fix installation of deps

* Rebuild static assets w/ newest go-bindata

* Update go versions for CI

* Fix deploy on merge

* Bump golangci-lint version