Clean up middleware, add security-headers to non-Zammad pages

apps/link/app/_lib/zammad.ts

@@ -1,5 +1,4 @@
 import { getServerSession } from "app/_lib/authentication";
-import { redirect } from "next/navigation";
 import { cookies } from "next/headers";
 
 const getHeaders = async () => {
@@ -8,8 +7,6 @@ const getHeaders = async () => {
   const headers = {
     "Content-Type": "application/json",
     Accept: "application/json",
-    // @ts-ignore
-    "X-CSRF-Token": session.user.zammadCsrfToken,
     "X-Browser-Fingerprint": `${session.expires}`,
     Cookie: allCookies
       .map((cookie: any) => `${cookie.name}=${cookie.value}`)