
Add the ability of hiding server information. #458

Open
omar-m-othman wants to merge 1 commit into plack:master from omar-m-othman:hiding_server_information

Conversation

omar-m-othman

There are some deployment environments that consider the leakage of software
type and/or version to be a security risk. This commit addresses the issue
by allowing an extra parameter to be passed to the server's constructor to
determine whether to add the "Server" header in the response (which we are
currently adding "obligatorily").

The issue was spawned by the "Dancer2" web framework -- a user of ours -- not
being able to hide the server's identity in their development environment
(in which we are the web server).

@coveralls

Coverage Status

Coverage increased (+0.01%) when pulling b90e50f on omar-m-othman:hiding_server_information into cf3e3db on plack:master.

@doy
Member

doy commented Jul 4, 2014

Can you add documentation and tests for this?

@xsawyerx
Contributor

I think no_server_tokens is not the canonical form, and perhaps server_tokens would be better.

That means it wouldn't be $params{'server_tokens'} || 0 because if someone sets server_tokens to zero, it will fail, so it should be a defined check.
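
The defined-check point above, as an added illustration that is not Plack's code (the `My::Server` package and its parameter handling are hypothetical): with a `server_tokens` parameter that defaults to on, `||` silently ignores an explicit 0, while a defined check honours it and drops the Server header.

```perl
use strict;
use warnings;

package My::Server;   # hypothetical name, not Plack's HTTP::Server::PSGI

sub new {
    my ($class, %params) = @_;

    # Pitfall: '||' treats an explicit 0 as "not provided" and falls back to 1,
    # so server_tokens => 0 would still emit the header.
    my $via_or      = $params{server_tokens} || 1;

    # Correct: only default when the caller did not supply the parameter
    # (on Perl 5.10+ the defined-or form, $params{server_tokens} // 1, is equivalent).
    my $via_defined = defined $params{server_tokens} ? $params{server_tokens} : 1;

    return bless { server_tokens => $via_defined, via_or => $via_or }, $class;
}

# Header list for a response; the Server header is omitted when tokens are off.
sub response_headers {
    my ($self, $body_len) = @_;
    my @headers = ('Content-Type' => 'text/plain', 'Content-Length' => $body_len);
    push @headers, 'Server' => 'My::Server/0.01' if $self->{server_tokens};
    return \@headers;
}

package main;

# Constructed inputs: default, explicitly on, explicitly off.
for my $opts ({}, { server_tokens => 1 }, { server_tokens => 0 }) {
    my $srv  = My::Server->new(%$opts);
    my %hdrs = @{ $srv->response_headers(5) };
    my $desc = %$opts ? "server_tokens => $opts->{server_tokens}" : '(default)';
    printf "%-20s ||-default=%d defined-default=%d Server header: %s\n",
        $desc, $srv->{via_or}, $srv->{server_tokens},
        exists $hdrs{Server} ? 'present' : 'absent';
}
```

Only the third case differs between the two forms: `||` still reports 1 for an explicit 0, whereas the defined check keeps 0 and the Server header is absent.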

@jidanni

jidanni commented Oct 27, 2019

All I know is I am still seeing

$ HEAD http://localhost:3000/hello/Bob
200 OK
Date: Sat, 26 Oct 2019 23:09:10 GMT
Server: Perl Dancer2 0.208001
Server: Perl Dancer2 0.208001
Content-Length: 20
Content-Type: text/html; charset=UTF-8
Client-Date: Sat, 26 Oct 2019 23:09:10 GMT
Client-Peer: 127.0.0.1:3000
Client-Response-Num: 1

Same with GET. Seen with first example on Dancer2::Cookbook.
That's all I know.
I installed dancer2 on Debian and followed the example and that's what I see.
I was going to mention it in PerlDancer/Dancer2#594 but that is already fixed.
