feat: Add additional security headers and disable X-Powered-By

Based on comparison with Condenser (hive.blog, wallet.hive.blog):

- Add X-DNS-Prefetch-Control: off (privacy protection)
- Add X-Download-Options: noopen (IE security)
- Set poweredByHeader: false (don't expose Next.js)
- Update documentation with new headers

These headers match what Condenser wallet currently sets.