Add rel=noreferrer to external links

[mfb]

We want to track Referer header for links between EFF sites, but not between EFF and external sites. This is also a security improvement, to prevent the linked page from gaining access to the linking page via the window.opener object.

We'll need to define a configurable domain whitelist and then have a middleware that adds noreferrer to the rel attribute for links to any other domains.