enforce fetch metadata headers being present

These are implemented in Chromium since July 2019, Firefox since July
2021 and Safari since March 2023.

src/main/java/app/attestation/server/AttestationServer.java

@@ -360,16 +360,14 @@ public void checkRequestHeaders(final HttpExchange exchange) throws GeneralSecur
             if (!"application/json".equals(getRequestHeaderValue(exchange, "Content-Type"))) {
                 throw new GeneralSecurityException();
             }
-            final String fetchMode = getRequestHeaderValue(exchange, "Sec-Fetch-Mode");
-            if (fetchMode != null && !fetchMode.equals("same-origin")) {
+            if (!"same-origin".equals(getRequestHeaderValue(exchange, "Sec-Fetch-Mode"))) {
                 throw new GeneralSecurityException();
             }
-            final String fetchSite = getRequestHeaderValue(exchange, "Sec-Fetch-Site");
-            if (fetchSite != null && !fetchSite.equals("same-origin")) {
+            if (!"same-origin".equals(getRequestHeaderValue(exchange, "Sec-Fetch-Site"))) {
                 throw new GeneralSecurityException();
             }
-            final String fetchDest = getRequestHeaderValue(exchange, "Sec-Fetch-Dest");
-            if (fetchDest != null && !fetchDest.equals("empty")) {
+            final String fetchDest = ;
+            if (!"empty".equals(getRequestHeaderValue(exchange, "Sec-Fetch-Dest"))) {
                 throw new GeneralSecurityException();
             }
         }