Breaking: Update hint to check for XCTO header on all resources

[utsavized]

This reverts changes added to check for this header only
on scripts and stylesheets, and instead, checks for the header
on all resources. MDN suggests the former, but Chromium uses
this response header on more than script/stylesheets for
CORB.

---

Ref #1221

Close #1221

Pull request checklist

Make sure you:

• Signed the Contributor License Agreement
• Followed the commit message guidelines

For non-trivial changes, please make sure you also:

• Added/Updated related documentation.
• Added/Updated related tests.

[molant]

Looks good to me!

Couple comments in the commit comment for future:

• This should be Breaking instead of new because before we were failing if the header was sent to all resources
• We should update our examples on how to pass this rule with apache and IIS and update our website's web.config
• The links at the end should be mostly Fix #ID. The Ref is used to links for further info and Close to indicate the PR that closes the issue. We should probably update the documentation so it's less confusing

I'm going to request changes but just so we don't forget about updating the documentation for the web servers but otherwise LGTM. If you have time to do it it will be awesome. If not I'll try to do it myself later today.

Thanks!

[utsavized]

@molant Added documentation of server config. Thanks!

[antross]

Looks good.

I'd love to see us report some of this in the future by examining server configuration files directly when available (filed as #1854).

[antross]

@molant given the README updates, this touched packages/hint so we're going to get a major version rev the next time we release due to the Breaking tag... Not sure if we already had other breaking changes queued up so this doesn't matter, or if you want to split the commit and re-write history, or just leave it.

[molant]

I missed that 😥
I'll rewrite the history.

[molant]

OK, should be fixed now. Nice catch @antross