Use original document's response headers instead of XHR

[paulirish]

In the https://github.com/voorhoede/lighthouse-security/blob/master/gather/gatherers/response-headers.js there'a a request from node for the document page.

However the response headers of the original request are already provided. And cookies, etc are all taken care of.

Here's an example audit that uses its response headers: https://github.com/GoogleChrome/lighthouse/blob/fb2cb02b1ffe763a3048c8a50c6b12c14c4d43a1/lighthouse-core/audits/seo/is-crawlable.js#L94