Adds a new optional setting called json prefix for prefixing a value to the body of json responses in order to prevent json hijacking.
Could technically be external middleware, but seems simple enough to live inside .json() like the rest of the json settings.
Adds a json prefix setting.
tempted to leave this one as middleware, for us at least it's nice to do apply conditionally so api consumers that aren't browsers don't have to worry about stripping the prefix
that makes sense.