drupal_settings_initialize() contains the following comment.
// HTTP_HOST can be modified by a visitor, but we already sanitized it
// in drupal_settings_initialize().
$_SERVER['HTTP_HOST'] is sanitized in drupal_environment_initialize(), not drupal_settings_initialize(). The correct comment would be:
// HTTP_HOST can be modified by a visitor, but we already sanitized it
// in drupal_environment_initialize().