Allow SSO iFrames door chaptergy

This plugin changes HTTP headers to allow websites to be iframed which block this. It is meant for development and testing purposes.
It does the following:

• Drop all 'x-frame-options' response headers
• Drop all 'content-security-policy' response headers
• Change all 'set-cookie' response headers to set 'SameSite=None' (this also requires the Secure flag to be set for the cookie)
• Change 'sec-fetch-dest' request headers to 'document' if it equals 'iframe'

Note, that when cookies within this iframe are required, the iframe content has to be HTTPS, otherwise cookies will not be set.