security_headers

Function security_headers 

pub async fn security_headers(request: Request, next: Next) -> Response

Add security headers to all responses.

Headers added:

  • X-Content-Type-Options: nosniff - Prevent MIME sniffing
  • X-Frame-Options: DENY - Prevent clickjacking
  • X-XSS-Protection: 1; mode=block - Legacy XSS protection
  • Content-Security-Policy: default-src 'none' - Strict CSP
  • Cache-Control: no-store - Prevent caching of sensitive data
  • Referrer-Policy: strict-origin-when-cross-origin - Control referrer info
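
One way to verify that a response actually carries the header set listed above, as an added example that is not part of this project's code: a std-only audit of an HTTP/1.1 response head. `audit_response_head`, `Finding`, `EXPECTED` and `SAMPLE` are hypothetical names, and the sample response is constructed.

```rust
// Added example (not the project's code); helper names are hypothetical.
/// Lowercased header names and the exact values listed in the documentation.
const EXPECTED: [(&str, &str); 6] = [
    ("x-content-type-options", "nosniff"),
    ("x-frame-options", "DENY"),
    ("x-xss-protection", "1; mode=block"),
    ("content-security-policy", "default-src 'none'"),
    ("cache-control", "no-store"),
    ("referrer-policy", "strict-origin-when-cross-origin"),
];

#[derive(Debug, PartialEq)]
pub enum Finding {
    Missing(&'static str),
    Mismatch { name: &'static str, got: String },
    Duplicate(&'static str), // sent more than once, so the effective value is ambiguous
}

/// Report every deviation of a response head from the documented header set.
pub fn audit_response_head(head: &str) -> Vec<Finding> {
    // Skip the status line; the first blank line ends the header section.
    let headers: Vec<(String, String)> = head
        .lines().skip(1)
        .take_while(|line| !line.trim().is_empty())
        .filter_map(|line| line.split_once(':'))
        .map(|(n, v)| (n.trim().to_ascii_lowercase(), v.trim().to_string()))
        .collect();
    let mut findings = Vec::new();
    for &(name, want) in EXPECTED.iter() {
        let got: Vec<&str> = headers.iter()
            .filter(|(n, _)| n.as_str() == name).map(|(_, v)| v.as_str()).collect();
        match got.as_slice() {
            [] => findings.push(Finding::Missing(name)),
            [v] if *v == want => {}
            [v] => findings.push(Finding::Mismatch { name, got: v.to_string() }),
            _ => findings.push(Finding::Duplicate(name)),
        }
    }
    findings
}

// Constructed sample: one wrong value, one duplicated header, one header absent.
const SAMPLE: &str = "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\n\
X-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\n\
Content-Security-Policy: default-src 'none'\r\nCache-Control: no-store\r\n\
Cache-Control: public\r\n\r\n";

fn main() { for f in audit_response_head(SAMPLE) { println!("{:?}", f); } }
```

Header names are compared case-insensitively and values exactly, so a handler that overrides one of the values after the middleware runs shows up as a `Mismatch` or `Duplicate`.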