Use private caching on secure connections

If a user asks for a resource over a secure connection, only permit
the browser to cache the resource. This prevents a man in the middle
proxy from accidentially caching a Set-Cookie header.

Define caching rules in a CacheHeaders helper class that can be
used within Gerrit Code Review, enabling Gerrit to match behavior.

Change-Id: Ibb9c3b6ccf0e16430f1adae96e8e2680f77925b0