Further improve readability and maintainability of middleware/secure.go #2799
Description
Improved readability of HSTS header construction logic
Currently, the logic for constructing the value of the Strict-Transport-Security (HSTS) header is to nest fmt.Sprintf and concatenate the strings.
I believe that rewriting this part by adding each directive (max-age, includeSubdomains, preload) to the slice and finally joining them with strings.Join will make the logic clearer and improve readability.
Add comment regarding X-XSS-Protection header
The X-XSS-Protection header is deprecated in many modern browsers, and the Content-Security-Policy (CSP) header is recommended.
While this header is important for backward compatibility, I believe that supplementing this background with comments will help users of this middleware choose more appropriate security settings.