[puppet] Allow Zulip to be loaded in an iframe on all domains

This removes "X-Frame-Options DENY" from our nginx config.  We need to be able
to load Zulip in an iframe for embedding and we decided that it doesn't actually
provide much protection.

(imported from commit 5bc363693db949010f6163cb3000c12229618a83)

puppet/zulip/files/nginx/sites-available/zulip-enterprise

@@ -12,8 +12,6 @@ server {
     ssl_certificate /etc/ssl/certs/zulip-enterprise.combined-chain.crt;
     ssl_certificate_key /etc/ssl/private/zulip-enterprise.key;
 
-    add_header X-Frame-Options DENY;
-
     location /user_uploads {
         add_header X-Content-Type-Options nosniff;
         include /etc/nginx/zulip-include/uploads.types;

puppet/zulip_internal/files/nginx/sites-available/zulip

@@ -26,9 +26,6 @@ server {
 
     server_name zephyr.humbughq.com zephyr.zulip.com;
 
-    # Avoid clickjacking attacks
-    add_header X-Frame-Options DENY;
-
     include /etc/nginx/zulip-include/app;
 }
 
@@ -42,10 +39,6 @@ server {
 
     server_name customer29.zulip.com;
 
-    ## We need to support running Zulip in an iframe for this
-    ## application, so X-Frame-Options is not set.
-    # add_header X-Frame-Options DENY;
-
     include /etc/nginx/zulip-include/app;
 }
 
@@ -61,9 +54,6 @@ server {
     # clients will never be accessing this host directly.
     server_name humbughq.com www.humbughq.com zulip.com www.zulip.com;
 
-    # Avoid clickjacking attacks
-    add_header X-Frame-Options DENY;
-
     # Downloadable software
     location /dist/ {
         autoindex on;

puppet/zulip_internal/files/nginx/sites-available/zulip-staging

@@ -15,8 +15,5 @@ server {
 
     server_name staging.zulip.com;
 
-    # Avoid clickjacking attacks
-    add_header X-Frame-Options DENY;
-
     include /etc/nginx/zulip-include/app;
 }