aurweb.asgi: add security headers middleware

This commit introduces a middleware function which adds
the following security headers to each response:

- Content-Security-Policy
- X-Content-Type-Options
- Referrer-Policy

They are then tested for existence in test/test_routes.py.

Note: The overcomplicated-looking asyncio behavior in the
middleware function is used to avoid a warning about the old
coroutine awaits being deprecated. See
https://docs.python.org/3/library/asyncio-task.html#asyncio.wait


for more detail.

Signed-off-by: Kevin Morris <kevr@0cost.org>