Enable HTTP Strict Transport Security (HSTS) on sourcegraph.com (and all subdomains)

Created by: nicksnyder

Currently we redirect from http to https but we don't set the Strict-Transport-Security header.