Add referrer meta header

Could probably get away with `unsafe-url`, but out of paranoia I'll go with
`origin-when-cross-origin` for now.

http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin-when-cross-origin

http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-delivery

Author: rtyley

app/views/fragments/head.scala.html

@@ -1,6 +1,7 @@
 <head>
     <title>submitGit</title>
     <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="referrer" content="origin-when-cross-origin">
     <link rel="stylesheet" media="screen" href="@routes.Assets.at("lib/bootstrap/css/bootstrap.min.css")" />
     <script type="text/javascript" src="@routes.Assets.at("lib/jquery/jquery.js")"></script>
     <script type="text/javascript" src="@routes.Assets.at("lib/bootstrap/js/bootstrap.min.js")"></script>