feat: add security headers middleware (#315)
Implements basic HTTP security headers as requested in #205.
Headers added:
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
- Referrer-Policy: strict-origin-when-cross-origin
- Strict-Transport-Security (in production)
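An added example, not code from this commit or its project: a Python check that audits a response's headers against the list above, requiring Strict-Transport-Security only when `production` is true. The function name, the sample responses and the positive `max-age` requirement are assumptions, since the commit message does not give the HSTS value.

```python
import re

# Expected values, copied from the header list in the commit message above.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "strict-origin-when-cross-origin",
}
HSTS = "strict-transport-security"

# Constructed sample responses as (name, value) pairs; not captured traffic.
GOOD = [
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "deny"),
    ("X-XSS-Protection", "1; mode=block"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Strict-Transport-Security", "max-age=31536000"),
]
BAD = [
    ("x-content-type-options", "nosniff"),
    ("X-XSS-Protection", "0"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Strict-Transport-Security", "max-age=0"),
]


def audit_headers(headers, production):
    """Return a list of findings; an empty list means the response matches."""
    # Header names are case-insensitive, so normalise before comparing.
    seen = {k.strip().lower(): v.strip() for k, v in headers}
    findings = []
    for name, want in EXPECTED.items():
        got = seen.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif got.lower() != want.lower():
            findings.append(f"{name}: expected {want!r}, got {got!r}")
    if production:
        # Assumption: the HSTS value is not on the page, so only a positive
        # max-age directive is required here.
        hsts = seen.get(HSTS)
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
        if hsts is None:
            findings.append(f"missing {HSTS}")
        elif m is None or int(m.group(1)) == 0:
            findings.append(f"{HSTS}: no positive max-age in {hsts!r}")
    return findings
```

Feeding it the header pairs from a staging and a production response shows whether the production-only HSTS condition behaves as the commit describes.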