`x-client-data` header should not be sent in requests
Test plan
- Visit youtube.com and open a video
- Open browser dev tools
- Go to network tab
- Reload page
- Inspect the original request and look for headers. You should NOT see an `x-client-data` header. Prior versions (and versions without this fix) will be sending the header
Updated Issue Description (notes from @bsclifton)
Visiting sites like youtube.com will show an `x-client-data` header. This wasn’t in Brave for a long time because we didn’t use the variations server. This showed itself recently since we did recently create a Brave-specific variations server. This header should be disabled.
Original Issue Description
There is an ongoing conversation about the Chrome/Chromium x-client-data header here https://github.com/bromite/bromite/issues/480 and here https://github.com/w3ctag/design-reviews/issues/467#issuecomment-581944600
Does Brave Desktop/Android send a unique client ID (x-client-data) to Google properties (google.com etc)? This is considered a “backdoor” for Google (and google only!) to track users even without cookies.
If Brave sends this header - can it be removed?
If Brave doesn’t send this header - maybe worth mentioning in some privacy features list?
Issue Analytics
- State:
- Created 4 years ago
- Comments:15 (6 by maintainers)
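
The test plan above can also be checked mechanically. The following is an added example, not code from the Brave project or the original issue: it scans a HAR file exported from the dev tools Network tab and lists every request that carried an `x-client-data` header. The function names and the sample HAR are constructed for illustration.

```javascript
// Added example: scan a HAR export (dev tools Network tab) for x-client-data.
// HAR 1.2 layout: log.entries[].request.headers is an array of {name, value}.
const TARGET_HEADER = "x-client-data";

function findClientDataRequests(har) {
  const entries = har && har.log && Array.isArray(har.log.entries) ? har.log.entries : [];
  const hits = [];
  for (const entry of entries) {
    const req = entry.request || {};
    const headers = Array.isArray(req.headers) ? req.headers : [];
    for (const h of headers) {
      // Header names are case-insensitive, so normalise before comparing.
      if (typeof h.name !== "string" || h.name.trim().toLowerCase() !== TARGET_HEADER) continue;
      let host = "(unparseable url)";
      try { host = new URL(req.url).hostname; } catch (_) { /* keep placeholder */ }
      // Record the length only, so the report does not copy the identifier itself.
      hits.push({ host, method: req.method, url: req.url, valueLength: String(h.value ?? "").length });
    }
  }
  return hits;
}

// Count offending requests per destination host for a short report.
function summarizeByHost(hits) {
  const counts = {};
  for (const hit of hits) counts[hit.host] = (counts[hit.host] || 0) + 1;
  return counts;
}

// Constructed sample HAR (not captured traffic): one request carries the header.
const sampleHar = {
  log: { entries: [
    { request: { method: "GET", url: "https://www.youtube.com/watch?v=EXAMPLE",
        headers: [{ name: "accept", value: "text/html" },
                  { name: "X-Client-Data", value: "CONSTRUCTED-VALUE" }] } },
    { request: { method: "GET", url: "https://www.youtube.com/s/player/base.js",
        headers: [{ name: "accept", value: "*/*" }] } },
    { request: { method: "GET", url: "https://example.org/", headers: [] } },
  ] },
};

const sampleHits = findClientDataRequests(sampleHar);
console.log(sampleHits.length === 0 ? "PASS: header not sent" : "FAIL: header sent",
            summarizeByHost(sampleHits));
```

On a build with the fix, a HAR captured while following the steps above should produce an empty result.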
Top GitHub Comments
@bsclifton Yeah I think this is our variations service. We need to explicitly disable this header
Verification passed on
Verification passed on
Verified FIXED on using the STR from the description; no `x-client-data` header was sent.