Set a number of security headers on all responses from NGINX:
Content-Security-Policy
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Origin-Agent-Cluster
Referrer-Policy
X-Content-Type-Options
X-Download-Options
X-Frame-Options
X-XSS-Protection
What issues does this PR close? N/A
### Checklist
- [x] The PR title is short and expressive.
- [x] I have updated the CHANGELOG.md. See [changelog_update.md](https://github.com/sovity/authority-portal/tree/main/docs/dev/changelog_updates.md) for more information.
- [ ] I have updated the Deployment Migration Notes Section in the CHANGELOG.md for any configuration / external API changes.
- [x] I have performed a **self-review**
Set a number of security headers on all responses from NGINX:
What issues does this PR close? N/A