Enable web browser XSS protection via use of the X-XSS-Protection HTT…

[btelnes]

What does this PR do? Please provide some context

Enables web browser protection from reflected cross-site scripting attacks via use of the X-XSS-Protection HTTP response header
Where should the reviewer start?

Review the lms.j2, lms-preview.j2 and cms.j2 template files
How can this be manually tested? (brief repro steps and corpnet-URL with change)

Create a reflected XSS attack. Refer to https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)
What are the relevant TFS items? (list id numbers)

Bug 104038
Definition of done:

Title of the pull request is clear and informative
Add pull request hyperlink to relevant TFS items
For large or complex change: schedule an in-person review session
This change has appropriate test coverage
Get at least two approvals

Reminders DURING merge

If you're merging from a short-term (feature) branch into a long-term branch (like dev, release, or master) then "Squash and merge" to keep our history clean.
If merging from two longterm branches (like cherry picks from upstream, dev to release, etc) then "Create merge commit" to preserve individual commits.

Configuration Pull Request
(For changes proposed to upstream)

Make sure that the following steps are done before merging

@devops team member has commented with +1
are you adding any new default values that need to be overridden when this goes live?
    Open a ticket (DEVOPS) to make sure that they have been added to secure vars.
    Add an entry to the CHANGELOG.