fix: remove CSP headers causing ERR_BLOCKED_BY_ORB (v0.6.9)

- Remove Content-Security-Policy that blocked cross-origin image loading
- Remove X-Frame-Options: DENY (too strict for file CDN)
- Remove X-XSS-Protection (deprecated header)
- Keep minimal security headers: nosniff, Referrer-Policy, HSTS
- CORS now works without conflicts for browser image requests
2025-10-04 08:55:39 +03:00
parent 9d68c0c078
commit 826172e8d2
6 changed files with 32 additions and 24 deletions


@@ -1,6 +1,6 @@
[package]
name = "quoter"
version = "0.6.8"
version = "0.6.9"
edition = "2024"
[dependencies]
@@ -15,12 +15,12 @@ redis = { version = "0.32.7", features = ["tokio-comp"] }
tokio = { version = "1.47.1", features = ["rt-multi-thread", "macros", "fs", "net"] }
serde = { version = "1.0.228", features = ["derive"] }
sentry-actix = { version = "0.43", default-features = false }
aws-sdk-s3 = { version = "1.106.0", default-features = false, features = ["rt-tokio", "rustls"] }
aws-sdk-s3 = { version = "1.107.0", default-features = false, features = ["rt-tokio", "rustls"] }
image = { version = "0.25.8", default-features = false, features = ["jpeg", "png", "webp", "tiff"] }
mime_guess = "2.0.5"
md5 = "0.8.0"
url = "2.5.7"
aws-config = { version = "1.8.6", default-features = false, features = ["rt-tokio", "rustls"] }
aws-config = { version = "1.8.7", default-features = false, features = ["rt-tokio", "rustls"] }
actix-multipart = "0.7.2"
log = "0.4.28"
env_logger = "0.11.8"