toddsundsted/ktistec

HTTP requests signed with the `hs2019` algorithm and without `(created)` HTTP header should be acceptable

LindsayZhou opened this issue · 5 comments

Version: 2.0.0-11
Install from: Alpine Linux package manager (apk)

The spec mentions the (created) HTTP header as recommended; ktistec implements it as required:

```crystal
unless algorithm == "rsa-sha256" || "(created)".in?(split_headers_string)
  raise Error.new("(created) header must be signed")
end
```

Other instances that have not implemented the (created) HTTP header cannot interact with ktistec instances.

Gotosocial issue: superseriousbusiness/gotosocial#2857

@LindsayZhou i changed this logic to follow the kind of validation that Mastodon does.

before i merge the change, i'd like to test it. i currently have it running at https://epiktistes.com/. do you have access to a gotosocial account and can you send a follow request from that account?

i pushed the changes in dd07bca

> can you send a follow request from that account?

Sorry for the late reply. Follow request is sent.

follow received and accept sent.

thank you! i think this resolves the issue.

https://moe.reisen/@lindsay/statuses/01J18TC8792KM32Z2YNSADXK99

The status becomes following. The bug is gone.
Thank you!
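The check quoted in the issue, beside a relaxed policy that accepts a signed `date` header in place of `(created)` while still bounding the signed timestamp. This is an added example, not ktistec's code, not the change in dd07bca and not Mastodon's code. The function names, the 300-second window and the sample header values are assumptions, and cryptographic verification of the signature itself is out of scope here.

```ruby
require "time"

MAX_SKEW = 300 # seconds; assumed tolerance, not a value from the issue

# Constructed Signature header values (keyId and signature are placeholders).
DATE_ONLY    = 'keyId="https://example.test/users/a#main-key",algorithm="hs2019",' \
               'headers="(request-target) host date digest",signature="c2ln"'
WITH_CREATED = 'keyId="https://example.test/users/a#main-key",algorithm="hs2019",' \
               'created=1718000000,headers="(request-target) (created) host digest",signature="c2ln"'

# Split the Signature header into its parameters; values may be quoted or bare integers.
def parse_signature_params(value)
  value.scan(/(\w+)=(?:"([^"]*)"|(\d+))/).to_h { |k, quoted, bare| [k, quoted || bare] }
end

def signed_headers(params)
  params["headers"].to_s.downcase.split
end

def parse_http_date(value)
  Time.httpdate(value.to_s).to_i
rescue ArgumentError
  nil
end

# The rule quoted in the issue: anything other than rsa-sha256 must sign (created).
def strict_policy(params)
  return nil if params["algorithm"] == "rsa-sha256" || signed_headers(params).include?("(created)")
  "(created) header must be signed"
end

# Relaxed rule (assumed): some timestamp must be covered by the signature,
# either (created) or date, and it must fall inside the freshness window.
def relaxed_policy(params, date_header, now)
  signed = signed_headers(params)
  stamp =
    if signed.include?("(created)")
      params["created"].to_s[/\A\d+\z/]&.to_i
    elsif signed.include?("date")
      parse_http_date(date_header)
    else
      return "date or (created) must be signed"
    end
  return "signed timestamp missing or unparseable" if stamp.nil?
  return "signed timestamp outside the allowed window" if (now - stamp).abs > MAX_SKEW
  nil # no objection: go on to verify the signature
end
```

Both functions return `nil` when the request may proceed to signature verification and a rejection reason otherwise. Dropping the `(created)` requirement is safe only if a signed timestamp is still enforced, since without one a captured request has no freshness bound.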