This fixes a security issue that can be exploited to inject arbritrary debs
or other files into a signed repository as followed:
(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is
(2) apt method decodes the redirect (because the method encodes the URLs before
sending them out), writting something like
into its output
(3) apt then uses the headers injected for validation purposes.