This repository was archived by the owner on Jun 13, 2024. It is now read-only.

Conversation


@btelnes btelnes commented Apr 18, 2018

What does this PR do? Please provide some context

Adds the following security-related headers:
• x-content-type-options: nosniff
• x-frame-options: SAMEORIGIN
• x-xss-protection: 1; mode=block
• x-content-security-policy (restricted to Open EdX required domains)
Where should the reviewer start?

secure_headers.j2
How can this be manually tested? (brief repro steps and corpnet-URL with change)

Install STAMP, navigate to LMS/CMS and view response headers within a network trace.
What are the relevant TFS items? (list id numbers)
Definition of done:

Title of the pull request is clear and informative
Add pull request hyperlink to relevant TFS items
For large or complex change: schedule an in-person review session
This change has appropriate test coverage
Get at least two approvals

Reminders DURING merge

If you're merging from a short-term (feature) branch into a long-term branch (like dev, release, or master) then "Squash and merge" to keep our history clean.
If merging from two long-term branches (like cherry picks from upstream, dev to release, etc.) then "Create merge commit" to preserve individual commits.

Configuration Pull Request
(For changes proposed to upstream)

Make sure that the following steps are done before merging

@devops team member has commented with +1
Are you adding any new default values that need to be overridden when this goes live?
    Open a ticket (DEVOPS) to make sure that they have been added to secure vars.
    Add an entry to the CHANGELOG.
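The manual test above (look at the LMS/CMS response headers in a network trace) can be scripted. The following is an added example, not code from this PR, from secure_headers.j2, or from the edx-configuration repository: it takes a dict of response headers copied from a trace and reports which of the four headers listed in the description are missing or carry a different value, and flags CSP source expressions that would undo a policy meant to be restricted to required domains. Two assumptions are built in: the standard header name browsers honour is Content-Security-Policy, so the checker accepts that name as well as the X- prefixed one the PR lists; and the two sample responses are constructed for illustration (the cdn.example.test host is made up, not an Open edX domain).

```python
"""Verify the security headers on an HTTP response.

Added example (not code from the PR or the edx-configuration repository).
Feed it the response headers copied from a browser network trace; an empty
result means every expected header is present with the expected value.
"""
from typing import Dict, List

# Headers and values named in the PR description, lower-cased for comparison
# (header names and these particular values are case-insensitive).
EXPECTED = {
    "x-content-type-options": {"nosniff"},
    "x-frame-options": {"sameorigin"},
    "x-xss-protection": {"1; mode=block"},
}

# Assumption: browsers act on the unprefixed Content-Security-Policy header;
# the X- prefixed form listed in the PR is the legacy name, so accept either.
CSP_NAMES = ("content-security-policy", "x-content-security-policy")

# Source expressions that defeat a policy meant to be restricted to a domain list.
WEAK_CSP_SOURCES = ("*", "'unsafe-inline'", "'unsafe-eval'", "data:")


def normalise(headers: Dict[str, str]) -> Dict[str, str]:
    """Lower-case header names and trim values so lookups are case-insensitive."""
    return {name.strip().lower(): value.strip() for name, value in headers.items()}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split "default-src a b; script-src c" into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_csp(policy: str) -> List[str]:
    """Flag a CSP that has no default-src fallback or allows an open source."""
    findings = []
    directives = parse_csp(policy)
    if "default-src" not in directives:
        findings.append("csp: no default-src fallback; unlisted fetch directives are unrestricted")
    for directive, sources in directives.items():
        for src in sources:
            if src in WEAK_CSP_SOURCES:
                findings.append(f"csp: {directive} allows {src}")
    return findings


def check_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means all checks passed."""
    h = normalise(headers)
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in h:
            findings.append(f"missing {name}")
        elif h[name].lower() not in allowed:
            findings.append(f"{name} is {h[name]!r}, expected one of {sorted(allowed)}")
    csp = next((h[n] for n in CSP_NAMES if n in h), None)
    if csp is None:
        findings.append("missing content-security-policy")
    else:
        findings.extend(check_csp(csp))
    return findings


# Constructed sample responses, not captured from a real LMS/CMS host.
HARDENED = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Security-Policy": "default-src 'self'; img-src 'self' https://cdn.example.test",
}
WEAK = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "ALLOWALL",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "script-src * 'unsafe-inline'",
}

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, check_headers(sample) or "ok")
```

Running the script prints "hardened ok" and five findings for the weak sample: the missing nosniff header, the non-SAMEORIGIN frame option, the absent default-src, and the two open script sources. To check a live deployment, paste the headers from the trace into the dict in place of the constructed samples.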

