🛡️ Sentinel: [HIGH] Add HSTS and Permissions-Policy headers

Added Strict-Transport-Security (HSTS) and Permissions-Policy headers to firebase.json to improve security posture.

- HSTS ensures browsers only connect via HTTPS for 1 year.
- Permissions-Policy restricts usage of sensitive features (camera, mic, geolocation).

Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>

firebase.json

@@ -24,6 +24,14 @@
             "key": "X-Frame-Options",
             "value": "DENY"
           },
+          {
+            "key": "Strict-Transport-Security",
+            "value": "max-age=31536000; includeSubDomains"
+          },
+          {
+            "key": "Permissions-Policy",
+            "value": "camera=(), microphone=(), geolocation=()"
+          },
           {
             "key": "Referrer-Policy",
             "value": "strict-origin-when-cross-origin"