fix: Noble honors session-default headers and timeout like CurlCffi

noble_tls.Session takes neither headers nor timeout in its constructor, and Noble.create_session forwarded only client+kwargs, so TLSSession(backend=Noble(...), headers=...) silently dropped the headers while CurlCffi passed them through. create_session now applies headers via session.headers.update and sets timeout_seconds after construction. verified against the contract with a stubbed noble_tls; the real Go-lib + a live request remain an untested gap (noble_tls not installable in this env).

Signed-off-by: disqualifier <dev@disqualifier.me>

src/aioweb_tls/backends.py

@@ -170,8 +170,19 @@ class Noble:
             self._updated = True
 
     def create_session(self, headers, timeout, **kwargs):
-        """build the noble_tls Session"""
-        return noble_tls.Session(client=self.client, **kwargs)
+        """build the noble_tls Session, honoring session-default headers + timeout
+
+        noble_tls.Session takes neither headers nor timeout in its constructor, so
+        aioweb's session-default headers (and the coerced timeout) are applied after
+        construction — matching CurlCffi, which passes both through. without this a
+        TLSSession(backend=Noble(...), headers=...) would silently drop the headers.
+        """
+        session = noble_tls.Session(client=self.client, **kwargs)
+        if headers:
+            session.headers.update(headers)
+        if timeout is not None:
+            session.timeout_seconds = timeout
+        return session
 
     async def raw_request(self, session, method, url, **kwargs) -> Response:
         """send via noble_tls and adapt the result into an aioweb.Response"""