Add function to set a custom http client to the duo api

[artemkresling]

Hi from 1Password!

We are looking at add a function that we can use to override the default http client used by this duo package. Internally we have a configured http client that rejects certain calls based on specific security rules that we set. We have validation that ensures we only call out to a duo domain when using this package, but we like to have additional mitigations in place that may prevent any malicious calls to internal hosts.

Please let me know if this approach works for your team or if a different approach would be preferred.

[mbish]

I don't think this change is a good fit for this repo for a number of reasons

1. This is a reference implementation showing how to interact with Duo services from the Go programming language. It is intentionally opinionated and adding flexibility here would hinder the project's clarity.
2. Transport creation isn't separated out as nicely as it is in duo_universal_golang so anyone who called SetCustomHTTPClient would have to make sure they were using an appropriately constructed transport in the client otherwise they would negate the cert-pinning protection which would otherwise be provided by default.

It possible that with some refactoring of this project a custom HTTP client might be supported in the future but we'd still have to think about (1) and whether it's worth the added complexity.

[artemkresling]

Am I understanding correctly that you would not like a solution similar to the duo_universal_golang package where the client is added as part of the constructor builder patter? I am happy to change the implementation of that to be similar. You already provide the option of changing the transport within the constructor here.

[mbish]

Yeah I see that now in SetTransport. Okay that being the case I'll merge this as is for the sake of keeping things simple in this repo.