referrer-policy support

While not officially part of the spec and not implemented anywhere, support for the experimental referrer-policy header was preemptively added.

Additionally, two minor enhancements were added this version:

1. Warn when the HPKP report host is the same as the current host. By definition any generated reports would be reporting to a known compromised connection.
2. Filter unsupported CSP directives when using Edge. Previously, this was causing many warnings in the developer console.