Add E2E tests for security headers

- Implemented tests to verify OWASP-compliant security headers, including X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Content-Security-Policy.
- Ensured deprecated headers like X-XSS-Protection are not set.
- Validated security headers across multiple routes.
- Updated Playwright configuration to include the new test suite.
Felipe Cardoso
2025-12-10 14:53:40 +01:00
parent ddcf926158
commit 568aad3673
2 changed files with 62 additions and 0 deletions

@@ -113,6 +113,7 @@ export default defineConfig({
/auth-flows\.spec\.ts/,
/auth-oauth\.spec\.ts/,
/theme-toggle\.spec\.ts/,
/security-headers\.spec\.ts/,
],
use: { ...devices['Desktop Chrome'] },
},
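Review bot: The added `/security-headers\.spec\.ts/` entry runs only because it was registered by hand in this project's pattern list, so a future security spec that is not listed here would be left out of this project with no failure to signal it. Consider matching the security suites by directory or naming convention, or add a comment above the array saying that new specs must be registered. The pattern is unanchored, like its neighbours, so it also matches names such as `security-headers.spec.ts.bak`; ending it with `$` would tighten that. The only project visible in this hunk uses `devices['Desktop Chrome']`, which is enough for headers set by the server, but the commit message should say whether that single-browser coverage is intended.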