set x-content-type-options headers for blob and block in nginx example

docs/example.nginx.conf

@@ -204,6 +204,7 @@ server {
             add_header 'Content-Length' 0;
             return 204;
         }
+        add_header X-Content-Type-Options nosniff;
         add_header Cache-Control max-age=31536000;
         add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
@@ -216,6 +217,7 @@ server {
     # these payloads are unlocked via login credentials. They are mutable
     # and are thus never cached. They're small enough that it doesn't matter, in any case.
     location ^~ /block/ {
+        add_header X-Content-Type-Options nosniff;
         add_header Cache-Control max-age=0;
         try_files $uri =404;
     }