fix: enable hsts (#2565) (#2575)

Signed-off-by: achmelo <a.chmelo@gmail.com>

Signed-off-by: achmelo <a.chmelo@gmail.com>
(cherry picked from commit 4cffe97)

Author: achmelo

gateway-service/src/main/java/org/zowe/apiml/gateway/security/config/NewSecurityConfiguration.java

@@ -473,7 +473,7 @@ protected HttpSecurity baseConfigure(HttpSecurity http) throws Exception {
         return http
             .cors()
             .and().csrf().disable()    // NOSONAR we are using SAMESITE cookie to mitigate CSRF
-            .headers().httpStrictTransportSecurity().disable()
+            .headers().httpStrictTransportSecurity().and()
             .frameOptions().disable()
             .and().exceptionHandling().authenticationEntryPoint(handlerInitializer.getBasicAuthUnauthorizedHandler())
             .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)