Add security headers

[philpursglove]

Looking at our SecurityHeaders report we're currently getting an F - this PR is to add a number of the headers we're currently missing and also remove the ASP.NET version headers. Once this is merged I'll add issues for Content Security Policy/Feature Policy/Referer Policy.

[adrianbanks]

Seems like a useful change. 👍