feat: add security headers middleware #1037

Open
deepsikha-dash wants to merge 1 commit into imDarshanGK:main from deepsikha-dash:issue-633-secure-headers

@deepsikha-dash

Description

Added a middleware to inject security-related HTTP headers into responses.

  • Adds Strict-Transport-Security header for HTTPS requests.
  • Adds X-Frame-Options: DENY header to mitigate clickjacking attacks.
  • Improves the default security posture of the backend.

Related Issue

Fixes #633

Type of change

  • Bug fix
  • New feature / enhancement
  • Documentation update
  • Test addition
  • Refactor

Checklist

  • I have read CONTRIBUTING.md
  • My branch is up to date with main
  • I have run pytest -v and all tests pass
  • I have not introduced duplicate issues or features
  • My PR title follows the format: feat/fix/docs/test: short description
  • I have added tests for new features (Level 2 and 3 issues)
  • No hardcoded secrets or API keys in my code
  • This PR is linked to a GSSoC 2026 issue

Screenshots (if frontend change)

N/A

Test evidence

python -m compileall backend

Output:

Listing 'backend'...
Listing 'backend\\app'...
Compiling 'backend\\app\\main.py'...
Listing 'backend\\app\\routers'...
Listing 'backend\\app\\services'...
Listing 'backend\\app\\utils'...
Listing 'backend\\tests'...
Listing 'backend\\tests\\fixtures'...
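
The behaviour described in this PR, as an added example that is not the PR's own code: a dependency-free ASGI middleware, assuming the backend is an ASGI application (the page does not name the framework). `SecurityHeadersMiddleware`, `demo_app`, `response_headers` and the HSTS policy value are assumptions made for illustration.

```python
import asyncio

HSTS_VALUE = b"max-age=31536000; includeSubDomains"  # assumed policy, not from the PR


class SecurityHeadersMiddleware:
    """Adds X-Frame-Options to every HTTP response and HSTS only over HTTPS."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":  # leave websocket/lifespan traffic untouched
            await self.app(scope, receive, send)
            return

        async def send_with_headers(message):
            if message["type"] == "http.response.start":
                headers = list(message.get("headers", []))
                present = {name.lower() for name, _ in headers}
                # Do not duplicate a header a route has already set.
                if b"x-frame-options" not in present:
                    headers.append((b"x-frame-options", b"DENY"))
                # Browsers ignore HSTS received over plain HTTP, so send it on HTTPS only.
                is_https = scope.get("scheme") == "https"
                if is_https and b"strict-transport-security" not in present:
                    headers.append((b"strict-transport-security", HSTS_VALUE))
                message = {**message, "headers": headers}
            await send(message)

        await self.app(scope, receive, send_with_headers)


async def demo_app(scope, receive, send):
    # Constructed sample application standing in for the real backend.
    start = {"type": "http.response.start", "status": 200,
             "headers": [(b"content-type", b"text/plain")]}
    await send(start)
    await send({"type": "http.response.body", "body": b"ok"})


def response_headers(scheme):
    """Run one constructed GET through the middleware; return response headers."""
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    scope = {"type": "http", "method": "GET", "path": "/", "scheme": scheme, "headers": []}
    asyncio.run(SecurityHeadersMiddleware(demo_app)(scope, receive, send))
    return dict(sent[0]["headers"])
```

Behind a TLS-terminating reverse proxy the ASGI `scheme` stays `http` unless the server is configured to trust the proxy's forwarded-protocol header, in which case HSTS would never be sent. A check like `response_headers` exercises that behaviour, which a `compileall` run does not.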

@github-actions

👋 This PR has had no activity for 7 days.

Please push updates or comment if you still need more time.

Inactive PRs may be closed automatically after 7 more days.

github-actions bot added the stale label Jun 20, 2026
Development

Successfully merging this pull request may close these issues.

Add secure headers (HSTS, X-Frame-Options) in responses