Add no-referrer referrer policy to prevent leakage of sensitive info

This prevents Referer headers from being sent when requesting any
external assets, and when clicking on any offsite links. This includes
the github link in the footer. This helps to prevent the leakage of
sensitive details, such as private domain names.

tsstats/templates/index.jinja2

@@ -4,6 +4,7 @@
   <meta charset="utf-8">
   <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/hint.css/2.4.1/hint.min.css" integrity="sha256-7KczUWqIa/6KaIKtNfG18eilVQR4vJ4S9SSiDAplUwc=" crossorigin="anonymous">
+  <meta name="referrer" content="no-referrer">
   <style type="text/css">
     body {
       padding-top: 50px;