Add secure headers

See the securityheaders.com report, some security headers are missing.

django-csp needs to be packaged in our repos to be enabled and configured for Content-Security-Policy.

Edited by Jelle van der Waa