Add HTTP Permissions-Policy header

The HTTP Permissions-Policy header provides a mechanism to allow and deny the use of browser features in its own frame, and in content within any <iframe> elements in the document.

Read the [MDN's article](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)