Develop an explicit HTTP redirection policy.

Develop an explicit HTTP redirection policy.

The Mastodon dev system runs its streaming API on a different port of
its VM. So you need to be able to follow an HTTP redirect from
http://mastodon.local to http://mastodon.local:4000 and still pass the
same auth token to that server.

But in general, one should not keep authentication configuration when
traversing a cross-site redirection! reqwest's automated redirect
following won't do it at all, and rightly so.

So I've written a custom redirection policy which allows _same_-host
redirection (just in case something turns out to need it), and doesn't
follow cross-site redirection (which would in general be useless
anyway because of this auth issue). And when setting up the streaming
API in particular, we catch the unfollowed redirection, vet it very
carefully (against the official streaming API location which the
instance happily advertises in its configuration record), and if we're
satisfied, make a fresh request to the target URL which _does_ pass
the same authentication.

As a result, now we can do streaming to the Mastodon dev instance,
which the Python version of this client _never_ managed!