Default headers example AUTH_TOKEN comment (axios#3539)
* Updating the 'Global axios defaults' README to use a safer example

The existing example usage isn't safe in the general case as it can
lead to auth tokens being leaked to 3rd party endpoints unexpectedly.

This change instead gives an example using
"axios.defaults.headers.common" to set the User-Agent, which is an
equally helpful use-case to document.

The 'Custom instance defaults' example just below the 'Global axios
defaults' example shows a method to set the 'Authorization' header
specific to a given API. I've also updated the variable in the 'Custom
instance defaults' code to use a semantically more relevant name within
that example.

* Revert the example instance name in response to PR request

* Reintroduce the Authorization example with a disclaimer about its usage

* Update wording nb -> important on usage comment

* Remove User-Agent example due to issues with this on Chrome and Safari

See axios#1231
Credit @chinesedfan for pointing this out
aliclark committed Jan 12, 2021
1 parent af4812e commit 63e2f90
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -510,7 +510,11 @@ You can specify config defaults that will be applied to every request.

```js
axios.defaults.baseURL = 'https://api.example.com';

// Important: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them.
// See below for an example using Custom instance defaults instead.
axios.defaults.headers.common['Authorization'] = AUTH_TOKEN;

axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';
```
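
Review bot: The warning comment above `axios.defaults.headers.common['Authorization'] = AUTH_TOKEN;` leaves the global assignment as live code in the example, so a reader who copies the block still gets the behaviour the comment warns about. Consider commenting that line out, or moving the Authorization example entirely into the 'Custom instance defaults' section the comment points to. Because `axios.defaults.baseURL` is set two lines earlier in the same block, the comment could also state explicitly that the header is not limited to that base URL, and "See below" would be easier to follow if it named the 'Custom instance defaults' heading.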
