ci: Verify production servers using /api/v1/server_settings.

The previous commit changed our response for the root domain on a
self-hosted Zulip server containing no realms to be a 404.

This made the HTTP headers verification done here less robust than
would be ideal, in that one could imagine a bug that makes every URL
404 passing that test.

So we instead change the check to verify the /server_settings API,
which doesn't have that problem.

tools/ci/production-verify

@@ -92,10 +92,10 @@ fi
 
 # TODO: Ideally this would test actually logging in, but this is a start.
 echo
-echo "Now testing that the newly installed server's homepage loads"
+echo "Now testing that the newly installed server's settings endpoint loads"
 echo
 
-curl -ILk https://localhost -o /tmp/http-headers
+curl -ILk https://localhost/api/v1/server_settings -o /tmp/http-headers
 grep -vi -e '^content-length:' -e '^date:' -e '^expires:' -e '^set-cookie:' /tmp/http-headers >/tmp/http-headers-processed
 
 nginx_version="$(nginx -v 2>&1)"

tools/ci/success-http-headers.template.txt

@@ -1,9 +1,14 @@
-HTTP/2 404 
+HTTP/2 200 
 server: {nginx_version_string}
-content-type: text/html; charset=utf-8
+content-type: application/json
 vary: Accept-Encoding
 vary: Accept-Language, Cookie
 content-language: en
 strict-transport-security: max-age=15768000
 x-frame-options: DENY
+x-content-type-options: nosniff
+x-xss-protection: 1; mode=block
+access-control-allow-origin: *
+access-control-allow-headers: Authorization
+access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD