Add Permissions-Policy: interest-cohort=() header to Pages sites hosted on GitLab.com
Background
This issue is the same as gitlab#327904 (closed), but for GitLab Pages instead of GitLab itself.
Proposal
Begin sending the Permissions-Policy: interest-cohort=() header by default for Pages sites.
For now, we'll scope this change to Pages sites hosted on GitLab.com, and not self-managed Pages.
Why?
Additional info
GitHub only enabled this new header for non-custom sites:
Pages sites using a custom domain will not be impacted
I'm not exactly sure why they made this decision. I think we should send this header by default for all Pages sites, unless there's a convincing reason not to.
Technical proposal
- Add Permissions-Policy: interest-cohort=() to the config CustomHeaders on startup
- Add a boolean flag -disable-floc-header (or -disable-permissions-policy-header) to https://gitlab.com/gitlab-org/gitlab-pages/-/blob/master/internal/config/flags.go -> when true we don't attach that header as above
- Add the option to Omnibus
- Update admin docs
Edited by Nathan Friend
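
One way the first two items of the technical proposal could fit together, as an added example that is not GitLab Pages code. The names buildHeaders and served are hypothetical, the disableFloc parameter stands in for the proposed flag, and leaving an operator-configured Permissions-Policy untouched is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// buildHeaders (hypothetical name) parses operator-supplied "Name: value" lines
// at startup and adds the FLoC opt-out unless the flag disables it. Assumption
// of this example: an operator-configured Permissions-Policy is left untouched.
func buildHeaders(custom []string, disableFloc bool) (http.Header, error) {
	h := http.Header{}
	for _, line := range custom {
		name, value, ok := strings.Cut(line, ":")
		if !ok || strings.TrimSpace(name) == "" {
			return nil, fmt.Errorf("invalid custom header %q", line)
		}
		h.Add(strings.TrimSpace(name), strings.TrimSpace(value))
	}
	if !disableFloc && h.Get("Permissions-Policy") == "" {
		h.Set("Permissions-Policy", "interest-cohort=()")
	}
	return h, nil
}

// served returns the Permissions-Policy value a client receives from a
// constructed static page that attaches the configured headers.
func served(custom []string, disableFloc bool) (string, error) {
	h, err := buildHeaders(custom, disableFloc)
	if err != nil {
		return "", err
	}
	page := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		for name, values := range h { // attach every configured header
			w.Header()[name] = append(w.Header()[name], values...)
		}
		fmt.Fprint(w, "ok")
	})
	rec := httptest.NewRecorder()
	page.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Header().Get("Permissions-Policy"), nil
}

func main() {
	v, err := served([]string{"X-Frame-Options: DENY"}, false)
	fmt.Printf("%q %v\n", v, err)
}
```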