Merge branch 'main' into glitch-soc/merge-upstream

Conflicts:
- `config/environments/production.rb`:
  Upstream changed a header but we had different default headers.
  Applied the same change, and also dropped HSTS headers redundant with
  Rails'.

config/environments/production.rb

@@ -118,10 +118,9 @@ Rails.application.configure do
     'Server'                  => 'Mastodon',
     'X-Frame-Options'         => 'DENY',
     'X-Content-Type-Options'  => 'nosniff',
-    'X-XSS-Protection'        => '1; mode=block',
+    'X-XSS-Protection'        => '0',
     'Permissions-Policy'      => 'interest-cohort=()',
     'Referrer-Policy'         => 'same-origin',
-    'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload',
     'X-Clacks-Overhead' => 'GNU Natalie Nguyen'
   }