Adds X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers to all responses served by Caddy to mitigate clickjacking and MIME-type sniffing.