
fix(core): Fix polynomial regex vulnerability

Fixes https://github.com/vendure-ecommerce/vendure/security/code-scanning/19
Michael Bromley 4 years ago
parent
commit
6675757d97
1 changed files with 1 additions and 1 deletions
  1. 1 1
      packages/core/src/api/common/extract-session-token.ts

+ 1 - 1
packages/core/src/api/common/extract-session-token.ts

@@ -35,7 +35,7 @@ function getFromCookie(req: Request): string | undefined {
 function getFromHeader(req: Request): string | undefined {
     const authHeader = req.get('Authorization');
     if (authHeader) {
-        const matches = authHeader.match(/bearer\s+(.+)$/i);
+        const matches = authHeader.match(/bearer\s(.+)$/i);
         if (matches) {
             return matches[1];
         }
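Review bot: The pattern on the changed line is still unanchored at the start and captures with `(.+)`, so `match` accepts "bearer" plus whitespace anywhere inside the Authorization value. A header sent with two or more spaces after the scheme now also yields a token with leading whitespace, which the old `\s+` used to consume. Anchoring the match and keeping whitespace out of the capture restores that tolerance without the quadratic behaviour: `const matches = authHeader.match(/^bearer\s+(\S+)$/i);`. Here `\s+` and `\S+` can never match the same character, so there is no ambiguous split to backtrack over, though this assumes session tokens never contain whitespace. A regression test with an oversized header value and one with extra spaces before the token would pin both behaviours; getFromHeader's body continues past the end of the hunk.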