Add Django's SecurityMiddleware.

Review Request #13818 — Created May 2, 2024 and submitted — Latest diff uploaded

Information

Review Board
release-7.x

Django provides a middleware for setting up various security options.
The vast majority of these are things that are highly dependent on the
particulars of the deployment, but using any of them requires the
middleware to be enabled. With this, server admins could set up things
like HSTS or referrer policies by setting the relevant keys in their
settings_local.py file.

This change adds it to our middleware, and turns on
X-Content-Type-Options: nosniff, which is harmless to our normal usage,
and can prevent a bunch of complaining from some security scanning
tools.

  • Ran unit tests.
  • Loaded a page and verified that the nosniff header was now present.
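
A scripted version of the manual header check above, as an added example that is not part of the review request or of Review Board's code: it audits one response for the three headers the description names. The helper names and sample responses are constructed for illustration; the setting names in the comments are Django's.

```python
# Added example: audit one HTTP response for the headers that Django's
# SecurityMiddleware controls. Helper names and sample data are constructed.

def parse_hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(arg.strip().strip('"'))
            except ValueError:
                return None
    return None

def audit_security_headers(headers, is_https):
    """Return a list of findings; an empty list means nothing to report."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    # Controlled by SECURE_CONTENT_TYPE_NOSNIFF.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    # Controlled by SECURE_HSTS_SECONDS. Browsers ignore HSTS received over
    # plain HTTP, so only an HTTPS response is expected to carry it.
    if is_https:
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("Strict-Transport-Security is absent")
        elif not parse_hsts_max_age(hsts):
            findings.append("Strict-Transport-Security has no usable max-age")
    # Controlled by SECURE_REFERRER_POLICY.
    if not h.get("referrer-policy"):
        findings.append("Referrer-Policy is absent")
    return findings

# Constructed sample responses (not captured from a real server).
SAMPLE_BARE = {"Content-Type": "text/html"}
SAMPLE_HARDENED = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "same-origin",
}

if __name__ == "__main__":
    for label, sample in (("bare", SAMPLE_BARE), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_security_headers(sample, is_https=True))
```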
