Add maximum request duration (timeouts) for all requests except actual monitor and events requests

[akshya96]

Description

Jira: https://hashicorp.atlassian.net/browse/VAULT-27443

The code attempts to add a maximum request duration timeout to all requests except for sys/monitor and sys/events because those are streaming requests that should not time out. However, the checks are performed with the strings.HasSuffix and strings.Contains functions. These functions do not ensure that the URL path is pointing to those endpoints, only that those strings are part of the URL path.

Issue:
We can always send requests to create secrets/ read secrets on kv/sys/monitor or kv/sys/events endpoints (We can only create these on kv v1 and not on kv v2 but this issue is only related to the request sent and not the action taken based on the request).

Request.URL.Path for these requests look like /v1/kv/sys/monitor and /v1/kv/sys/events
With the existing changes, maximum request duration timeout will not be added to these requests.

The actual request.URL.path for sys/monitor looks like "v1/sys/monitor" and this is also already being used in handler.go to handle patterns with mux.Handle.

The actual request.URL.path for sys/events look like /v1/sys/events/subscribe/{eventType}.
Example: /v1/sys/events/subscribe/kv*

TODO only if you're a HashiCorp employee

• Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
  to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
  • If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
• ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
  of a public function, even if that change is in a CE file, double check that
  applying the patch for this PR to the ENT repo and running tests doesn't
  break any tests. Sometimes ENT only tests rely on public functions in CE
  files.
• Jira: If this change has an associated Jira, it's referenced either
  in the PR description, commit message, or branch name.
• RFC: If this change has an associated RFC, please link it in the description.
• ENT PR: If this change has an associated ENT PR, please link it in the
  description. Also, make sure the changelog is in this PR, not in your ENT PR.

[github-actions]

CI Results:
All Go tests succeeded! ✅

[github-actions]

Build Results:
All builds succeeded! ✅

[VioletHynes]

Looks good! There's a small typo we should fix that I added a suggestion for, but otherwise a nice, elegant fix.

Before merging this, can you clarify if we have test coverage in this area today? I want to believe we do, but if not, we should add some!

[ccapurso]

Looks good!

[akshya96]

Removing backporting labels here as this has low severity according to security ticket https://hashicorp.atlassian.net/browse/SECVULN-7384 and is also not a sev1 bug