Adds some header detection to help prevent DDOS attempts on the
repository archive endpoint. Introduced as a concern so it can
be utilised elsewhere if needed.

Now uses built-in Rails header parser and doesn't block
legimate Sec-Fetch-Mode headers.

Adds support for hotlinking interception on the API as well, refactors
most of the system out into a new class to cover both Rails and Grape.