[minor] Prevent opening handshake headers from being overridden

Ensure that the `Connection`, `Sec-WebSocket-Key`,
`Sec-WebSocket-Version`, and `Upgrade` headers are not overridden.

Refs: #2048 (comment)

Author: lpinca

lib/websocket.js

@@ -713,11 +713,11 @@ function initAsClient(websocket, address, protocols, options) {
     ? parsedUrl.hostname.slice(1, -1)
     : parsedUrl.hostname;
   opts.headers = {
+    ...opts.headers,
     'Sec-WebSocket-Version': opts.protocolVersion,
     'Sec-WebSocket-Key': key,
     Connection: 'Upgrade',
-    Upgrade: 'websocket',
-    ...opts.headers
+    Upgrade: 'websocket'
   };
   opts.path = parsedUrl.pathname + parsedUrl.search;
   opts.timeout = opts.handshakeTimeout;