feat(security): add configurable default HTTP security headers

[fiandev]

Add Security Headers Middleware

This PR adds a setSecurity method to the Gaman class that allows configuring security headers for all responses.
Changes

• New SecurityOptions interface in src/types.ts with support for:
  • contentSecurityPolicy - CSP header
  • xFrameOptions - X-Frame-Options header
  • hsts - Strict-Transport-Security with maxAge, includeSubDomains, preload
  • noSniff - X-Content-Type-Options
  • referrerPolicy - Referrer-Policy header
  • xssFilter - X-XSS-Protection header
  • crossOriginOpenerPolicy - COOP header
  • crossOriginEmbedderPolicy - COEP header
  • crossOriginResourcePolicy - CORP header
  • cacheControl - Cache-Control header
  • xPermittedCrossDomainPolicies - X-Permitted-Cross-Domain-Policies
  • xDownloadOptions - X-Download-Options
• New setSecurity(options) method - Store security options
• Updated mountServer() - Added optional security parameter to apply security headers on server start
• Updated handleResponse() - Applies security headers to all responses
• Renamed ambiguous variable - Changed h to httpConfig in mountServer

How it's looks like:

const app = new Gaman();
		
app.setSecurity({
	xFrameOptions: 'DENY',
	noSniff: true,
});

also can be like this:

const app = new Gaman();
app.mountServer({ http: 3431 }, { xFrameOptions: 'DENY', noSniff: true });

Ref: #47

[fiandev]

@angga7togk bruh di local aman jir test case nya

[angga7togk]

udah di test kah banh ?

[fiandev]

udah di test kah banh ?

dilocal aman cik