Remove Accept-Charset from forbidden request headers

Apparently gotosocial uses it for profile discovery.

docker/conf/modsecurity/crs/crs-setup.conf

@@ -428,13 +428,13 @@ SecAction \
 # Blocking Proxy header prevents 'httpoxy' vulnerability: https://httpoxy.org
 # Default: /proxy/ /lock-token/ /content-range/ /if/
 # Uncomment this rule to change the default.
-#SecAction \
-# "id:900250,\
-#  phase:1,\
-#  nolog,\
-#  pass,\
-#  t:none,\
-#  setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /if/'"
+SecAction \
+ "id:900250,\
+  phase:1,\
+  nolog,\
+  pass,\
+  t:none,\
+  setvar:'tx.restricted_headers=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/'"
 
 # File extensions considered static files.
 # Extensions include the dot, lowercase, enclosed by /slashes/ as delimiters.