Do not set HSTS header

Enabling HTTP Strict-Transport-Security should be a decision made by the
system administrator, and implemented at server level, probably
site-wide and not just for MantisBT's PHP files.

Furthermore, Mantis setting this header causes issues if it is already
set for the server (invalid header), and may have unwanted side effects
as described in 0021262.

This reverts the change implemented to resolve issue 0012881.

Fixes 0021262