feat: add security headers for Cloudflare

apps/website/static/_headers

@@ -0,0 +1,11 @@
+/*
+  X-Content-Type-Options: nosniff
+  X-Frame-Options: SAMEORIGIN
+  X-XSS-Protection: 1; mode=block
+  Referrer-Policy: no-referrer-when-downgrade
+  Permissions-Policy: document-domain=()
+  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+  Feature-Policy: geolocation 'self'
+
+/:all*(woff2?|jpe?g|png|gif|svg|js|xml|txt|json|css|mp4|webm|avif)
+  Cache-Control: public, max-age=31536000, immutable