Add some headers to `build.servo.org` to improve our Mozilla Observatory
score. The helps the cause of #473, by raising our score from F (0) to a
whopping B- (65). The testing is still basic, the docker-observatory
based testing will go in a different PR.

To get to an A+ we must first implement https.

This is the local observatory report:

   Score Rule                       Description
      -20 redirection                Does not redirect to an https site.
      -20 strict-transport-security  HTTP Strict Transport Security (HSTS)
        header cannot be set for sites not available over https.
       -5 contribute                 Contribute.json file missing from root
        of website.
        5 content-security-policy    Content Security Policy (CSP)
        implemented without 'unsafe-inline' or 'unsafe-eval'.
        5 x-frame-options            X-Frame-Options (XFO) implemented via
        the CSP frame-ancestors directive.

    Score: 65
    Grade: B-