fix: prevent browser content type sniffing

Author: ReeceHoffmann

virtool/api/headers.py

@@ -7,10 +7,11 @@
 
 @middleware
 async def headers_middleware(req, handler):
-    """Middleware that adds the current version of the API to the response."""
+    """Middleware that appends static headers to the response."""
     resp = await handler(req)
     resp.headers["X-Virtool-Version"] = req.app["version"]
     resp.headers["Server"] = "Virtool"
+    resp.headers["X-Content-Type-Options"] = "nosniff"
 
     return resp