
fix: Add X-Frame-Options and CSP headers to Swagger UI endpoints#26521

Open
rohansood10 wants to merge 2 commits into argoproj:master from rohansood10:fix/22877-x-frame-options

Conversation

@rohansood10

Fixes #22877

The Swagger UI endpoints (/swagger-ui and /swagger.json) don't set any framing headers, leaving them open to clickjacking via iframe embedding on malicious sites.

This adds X-Frame-Options: DENY and Content-Security-Policy: frame-ancestors 'none' to both endpoints. Both headers are set for defense-in-depth — X-Frame-Options for legacy browser support, CSP for modern browsers.

Includes test assertions for the new headers.
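As an added example (not Argo CD's code and not the PR's diff), the Go below shows the two-header pattern the PR describes as a hypothetical middleware, plus the check a reviewer would run against any handler: it parses the CSP directives and passes only when X-Frame-Options is DENY and frame-ancestors is 'none'. The swagger.json handler, the `withFrameProtection`, `frameAncestors`, `framingDenied` and `probe` names are all constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Sets both anti-framing headers from the PR (hypothetical middleware, not Argo CD's code).
func withFrameProtection(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Frame-Options", "DENY")
		w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
		next.ServeHTTP(w, r)
	})
}

// frameAncestors returns the CSP frame-ancestors value, or "" if no header declares one.
func frameAncestors(h http.Header) string {
	for _, policy := range h.Values("Content-Security-Policy") {
		for _, directive := range strings.Split(policy, ";") {
			fields := strings.Fields(directive)
			if len(fields) > 0 && strings.EqualFold(fields[0], "frame-ancestors") {
				return strings.Join(fields[1:], " ")
			}
		}
	}
	return ""
}

// framingDenied requires both mechanisms; frame-ancestors 'self' is not the PR's 'none'.
func framingDenied(h http.Header) bool {
	xfo := strings.EqualFold(strings.TrimSpace(h.Get("X-Frame-Options")), "DENY")
	return xfo && frameAncestors(h) == "'none'"
}

// probe issues one in-process GET against h and returns the response headers.
func probe(h http.Handler, path string) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Result().Header
}

func main() {
	// Constructed stand-in for swagger.json with no framing headers.
	swagger := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, `{"swagger":"2.0"}`) })
	fmt.Println(framingDenied(probe(swagger, "/swagger.json")), framingDenied(probe(withFrameProtection(swagger), "/swagger.json"))) // false true
}
```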

@rohansood10 rohansood10 requested a review from a team as a code owner February 19, 2026 10:46
Adds X-Frame-Options: DENY and Content-Security-Policy: frame-ancestors 'none'
headers to both the Swagger JSON endpoint and the Swagger UI page to prevent
clickjacking attacks via iframe embedding.

Fixes argoproj#22877

Signed-off-by: rohansood10 <rohansood10@users.noreply.github.com>
@rohansood10 rohansood10 force-pushed the fix/22877-x-frame-options branch from d60a6e3 to 40630b6 February 19, 2026 10:48
Signed-off-by: rohansood10 <rohansood10@users.noreply.github.com>
@codecov

codecov bot commented Feb 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.85%. Comparing base (9851b84) to head (69658b4).

@@            Coverage Diff             @@
##           master   #26521      +/-   ##
==========================================
+ Coverage   62.82%   62.85%   +0.03%     
==========================================
  Files         412      412              
  Lines       55635    55643       +8     
==========================================
+ Hits        34951    34973      +22     
+ Misses      17352    17342      -10     
+ Partials     3332     3328       -4     


Successfully merging this pull request may close these issues.

Add X-Frame-Options header to Swagger UI to prevent clickjacking

1 participant

Comments