http2: use ASCII space trimming for parsing Trailer header

Security hardening against HTTP request smuggling recommended by an
external reporter.

Change-Id: I58cba9aa508eca1ae83c3bcf33858b7ba06ca583
Reviewed-on: https://go-review.googlesource.com/c/net/+/231437
Reviewed-by: Brad Fitzpatrick <[email protected]>

Author: FiloSottile

http2/server.go

@@ -2058,7 +2058,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r
 	var trailer http.Header
 	for _, v := range rp.header["Trailer"] {
 		for _, key := range strings.Split(v, ",") {
-			key = http.CanonicalHeaderKey(strings.TrimSpace(key))
+			key = http.CanonicalHeaderKey(textproto.TrimString(key))
 			switch key {
 			case "Transfer-Encoding", "Trailer", "Content-Length":
 				// Bogus. (copy of http1 rules)