Properly set the iframing headers

[ghost]

• Use more_set_headers for the X-Frame-Options: ALLOW-FROM, because we actually need to replace the SAMEORIGIN option which is already set. Note that this directive is obsolete and is used only for old browser support purpose.
• Add an additional Content-Security-Policy header with the correct content. This header is the one checked by modern browsers (such as Firefox or Chrome) to allow iframing.

[alexAubin]

(Note that the x-frame-option thing was fixed in https://github.com/YunoHost-Apps/onlyoffice_ynh/pull/39 )