Increase default HSTS header max age to 2 years

    • Type: Task
    • Resolution: Fixed
    • Priority: L3 - Default
    • Fix Version/s: 3.10.0-alpha4, 3.9.4
    • Affects Version/s: None
    • Component/s: backend

      As per INFOSEC-67, we should increase the default max age to 2 years rather than the existing one year. This is in line with recommended values.

      ATs:

      • The default value is set to 2 years in our config
      • The value can be overridden via environment variable
      • Our documentation is updated to reflect the change

      Testing notes:

      • The setting can be configured with env var: CAMUNDA_OPTIMIZE_SECURITY_RESPONSE_HEADERS_HSTS_MAX_AGE
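One way to check the first two acceptance criteria from the outside, as an added example that is not Camunda Optimize code: it parses a Strict-Transport-Security response header value and verifies that max-age is at least two years (63072000 seconds; RFC 6797 defines max-age in seconds). The function names and the sample header values are constructed for illustration.

```python
import re

TWO_YEARS = 2 * 365 * 24 * 60 * 60  # 63072000 seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}.

    RFC 6797: directives are ';'-separated, names are case-insensitive, values
    may be quoted, and a directive must not repeat. Quoted values containing
    ';' are not handled; max-age never needs one.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip() if sep else None
        if val is not None and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val
    return directives

def check_hsts(value, minimum=TWO_YEARS):
    """Return (ok, reason) for one header value; None means header absent."""
    if value is None:
        return False, "header missing"
    try:
        raw = parse_hsts(value).get("max-age")
    except ValueError as exc:
        return False, str(exc)
    if raw is None or not re.fullmatch(r"[0-9]+", raw):
        return False, "max-age missing or not an integer"
    age = int(raw)
    if age < minimum:
        return False, f"max-age {age} is below {minimum}"
    return True, f"max-age {age}"

# Constructed sample values, not captured from a real deployment.
SAMPLES = ["max-age=63072000; includeSubDomains", "max-age=31536000",
           'Max-Age="63072000"', "max-age=63072000; max-age=1", None]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_hsts(sample))
```

Passing a different `minimum` lets the same check confirm that a value set through the environment variable actually reaches the response header.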

            Assignee:
            Unassigned
            Reporter:
            Joshua Windels