Separate max_header_value_len for specific headers

The authorization header can get very large tokens for example. Cookies might too. So it makes sense to have a header-specific limit for these as it allows us to have an exception and expect smaller headers for everything else.