Test X-Frame-Options header for blog and wiki

[foolip]

The actual fix isn't tracked by version control, it is to add Header always set X-Frame-Options: "sameorigin" to /etc/apache2/conf-enabled/zz_local.conf on multicol.

Fixes https://github.com/whatwg/misc-server/issues/108.

[foolip]

I've already tested this live and reverted. I'll enable it live again right before I merge this.

[foolip]

Deployed and passing tests on master.

[domenic]

I remain sad about how portions of our server setup are not in version control.

[annevk]

@domenic are we tracking that somewhere, at least?

[foolip]

It isn't tracked anywhere, filed https://github.com/whatwg/misc-server/issues/112. Unfortunately, the only way of having any confidence that a setup would work is by setting it up from scratch. And since it includes a database, that data wouldn't be tracked anywhere except in VM backups.

To reduce the maintenance by a lot, we'd need to use a managed database solution and put the blog+wiki setup in a Dockerfile, or transition both to something that requires only static hosting. But for the latter I have low confidence that any existing tools would convert markup with enough fidelity, so the bulk of the work would be in verifying the transition, not in making it.