Apply specific headers for portal endpoints

[JohnNiang]

What type of PR is this?

/kind improvement
/area core

What this PR does / why we need it:

This PR separates security configuration of RESTful APIs and portal pages to configure specific headers for portal pages, such as Referrer-Policy and X-Frame-Options.

Which issue(s) this PR fixes:

Fixes #2900

Special notes for your reviewer:

You can see the response headers of index page:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Language: en-US
+ X-Content-Type-Options: nosniff
+ X-Frame-Options: SAMEORIGIN
+ X-XSS-Protection: 0
+ Referrer-Policy: strict-origin-when-cross-origin
content-encoding: gzip
content-length: 4285

and request headers with Referer:

GET / HTTP/1.1
Host: localhost:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
+ Referer: http://localhost:8090/archives/12341234
Connection: keep-alive
Cookie: _ga_Z907HJBP8W=GS1.1.1670164888.1.1.1670165603.0.0.0; _ga=GA1.1.807839437.1670164889; SESSION=539e060e-c11e-4b6d-a749-882905b30a88; XSRF-TOKEN=4b692b55-638c-4497-8a4b-be00986eda90
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

Does this PR introduce a user-facing change?

解决访问分析工具无法显示 referer 的问题

[ruibaby]

/lgtm

[ruibaby]

/lgtm

[guqing]

/approve

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: guqing

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [guqing]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[guqing]

/lgtm