Comment 4 for bug 1998625

Patch makes sense -- I have a few notes, and a fresh patch:

- The added functional tests assume they are running on the proxy under test -- would it be better to probe for /etc/swift/swift.conf than some temp file?

- Is it expected that 3 of 5 added tests pass without the fix? I think I understand the server-side validation we have that prevent the XXE vulnerability on those APIs, but want to make sure this was intended.

- The added logging may get noisy -- as a general rule, I tend to worry about adding server warnings for bad client behavior. Emitting a new counter metric might be better? I'm content to leave it, though; it's no worse than our client-disconnect behavior.