HTTP security headers for Python web applications

Resubmitting this after a significant refactor.

The library has shifted toward a middleware-first pattern for ASGI and WSGI apps, with clearer default presets and a smaller API surface. The goal is to keep header policy centralized and avoid drift across routes or framework-specific code.

It also adds optional validation when composing policies dynamically.