feat(shared-web): add shared swagger and tracing utilities

src/Core/TakeoutSaaS.Shared.Web/Middleware/SecurityHeadersMiddleware.cs

@@ -0,0 +1,27 @@
+using Microsoft.AspNetCore.Http;
+
+namespace TakeoutSaaS.Shared.Web.Middleware;
+
+/// <summary>
+/// 安全响应头中间件
+/// </summary>
+public sealed class SecurityHeadersMiddleware
+{
+    private readonly RequestDelegate _next;
+
+    public SecurityHeadersMiddleware(RequestDelegate next)
+    {
+        _next = next;
+    }
+
+    public async Task InvokeAsync(HttpContext context)
+    {
+        var headers = context.Response.Headers;
+        headers["X-Content-Type-Options"] = "nosniff";
+        headers["X-Frame-Options"] = "DENY";
+        headers["X-XSS-Protection"] = "1; mode=block";
+        headers["Referrer-Policy"] = "no-referrer";
+        await _next(context);
+    }
+}
+