Deprecate usage of X-Download-Options header

[evilaliv3]

With this ticket I would like to propose the deprecation of the usage of the X-Download-Options header that was actually supported only by IE and introduced in IE8 to fix their own broken download implementation.

Any up to date browser, including IE and Edge now does safely implement the noopen policy on file download while using the standard header Content-Disposition: attachment: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

Considering that we do not target any IE browser (expecially IE 8 o IE9) we could safely remove the header that represents just an overhead.

This ticket follows the same evaluation applied to the GlobaLeaks project: globaleaks/globaleaks-whistleblowing-software@8c1af7f

[zenmonkeykstop]

Content-disposition: attachment is indeed being set as expected. This will be folded into a new PR along with other header changes, as per #6183 (comment)

[zenmonkeykstop]

Closed by #6187