`StrictHttpFirewall#setAllowedHeaderNames` should augment with existing `Predicate`

[gourav]

Expected Behavior
StrictHttpFirewall#setAllowedHeaderNames either should augment the existing predicate with Predicate#and or provide addAllowHeaderNames to allow augmenting it to current predicate, so that I get to retain default protection provided by StrictHttpFirewall.

Current Behavior
The current implementation rejects any Request with non-ascii characters. Current implementation of StrictHttpFirewall#setAllowedHeaderNames replaces predicate, making me lose out to default protection.

I am willing to provide a PR for this should this be accepted as valid request.

[jzheaux]

Thanks for the suggestion, @gourav. To leave setAllowedHeaderNames passive, I prefer your second suggestion to add addAllowHeaderNames.

Can you add the same for header values, parameter names, and parameter values?

[gourav]

Sure. Let me come up with changes for review.