Implement HSTS preload

This lets browsers connect over https directly, skipping the initial http-to-https redirect

https://hstspreload.org/#opt-in says it should be explicitly opt in
This commit is contained in:
Girish Ramakrishnan
2023-03-06 11:15:55 +01:00
parent 5bbeb1196a
commit 8448d28f6f
11 changed files with 36 additions and 9 deletions


@@ -445,7 +445,8 @@ async function writeDashboardNginxConfig(vhost, certificatePath) {
keyFilePath: certificatePath.keyFilePath,
robotsTxtQuoted: JSON.stringify('User-agent: *\nDisallow: /\n'),
proxyAuth: { enabled: false, id: null, location: nginxLocation('/') },
ocsp: await isOcspEnabled(certificatePath.certFilePath)
ocsp: await isOcspEnabled(certificatePath.certFilePath),
hstsPreload: false
};
const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, `dashboard/${vhost}.conf`);
@@ -488,7 +489,8 @@ async function writeAppLocationNginxConfig(app, location, certificatePath) {
hideHeaders: [],
proxyAuth: { enabled: false },
upstreamUri: '', // only for endpoint === external
ocsp: await isOcspEnabled(certificatePath.certFilePath)
ocsp: await isOcspEnabled(certificatePath.certFilePath),
hstsPreload: !!app.reverseProxyConfig?.hstsPreload
};
if (type === apps.LOCATION_TYPE_PRIMARY || type === apps.LOCATION_TYPE_ALIAS || type === apps.LOCATION_TYPE_SECONDARY) {
@@ -708,7 +710,8 @@ async function writeDefaultConfig(options) {
keyFilePath,
robotsTxtQuoted: JSON.stringify('User-agent: *\nDisallow: /\n'),
proxyAuth: { enabled: false, id: null, location: nginxLocation('/') },
ocsp: false // self-signed cert
ocsp: false, // self-signed cert
hstsPreload: false
};
const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, constants.NGINX_DEFAULT_CONFIG_FILE_NAME);
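Review bot: The flag in writeAppLocationNginxConfig is derived with `!!app.reverseProxyConfig?.hstsPreload`, so any truthy stored value (a string such as `'false'` or `'0'`, should the config ever not hold a real boolean) enables the preload directive; since the commit message says preload must be explicitly opt-in, a strict `hstsPreload: app.reverseProxyConfig?.hstsPreload === true` would fail closed instead. The nginx template that consumes the flag (NGINX_APPCONFIG_EJS) is outside this diff, so it cannot be confirmed here that `preload` is only emitted together with `includeSubDomains` and a `max-age` of at least 31536000, which hstspreload.org requires before a submission is accepted. A why-comment at the assignment would help the next maintainer, e.g. `// preload implies includeSubDomains and max-age>=1y and is effectively irrevocable once the domain is on the browser lists; leave it off unless the admin explicitly asked for it`. The dashboard and default vhosts hard-coding `hstsPreload: false` is consistent with that opt-in intent. All three enclosing functions start and end outside the hunks.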