version 2.6.0

Changes:

• #33 add --cookie-path config option
• #42 add --xheaders config option (set false to disable trust of X-Real-IP request header)
• #37 more robust handling of the original app url to redirect to after auth callback
• #20 add Bitbucket provider
• add nsswitch.conf to docker image to make netgo resolver use /etc/hosts first
• minor updates to build and test scripts, README, example config

Fixes:

• #37 check for /\ redirects (see GHSA-qqxw-m5fj-f7gv)
• #38 filter out headers which oauth2_proxy is responsible for (if not overwriting them)
• #32 improve websocket support with Hijack() method
• #40 GitHub provider: always pass token in header (remove last use of deprecated query param)
• #31 #41 GitHub provider: require verified email, prefer primary
• #36 GitLab provider: honor --scope option when using groups