
Conversation


@allcaps allcaps commented Sep 25, 2020

Description

This PR updates the readme to set X_FRAME_OPTIONS = 'SAMEORIGIN' on Django 3.0 and up.

This is because Django switched from 'SAMEORIGIN' to 'DENY' as default.
https://docs.djangoproject.com/en/3.1/releases/3.0/#security

Checklist

✅ My code follows the style guidelines of this project
✅ I have performed a self-review of my own code
N/A I have commented my code, particularly in hard-to-understand areas
✅ I have made corresponding changes to the documentation
N/A My changes generate no new warnings
N/A I have added tests that prove my fix is effective or that my feature works
✅ New and existing unit tests pass locally with my changes


bcdickinson commented Sep 26, 2020

I'm not sure that advising a project to set this globally because it includes this app is the right thing to do.

We're already setting this header explicitly on responses to GET requests to the RenderPatternView: https://github.com/torchbox/django-pattern-library/blob/master/pattern_library/views.py#L75

Is there some circumstance under which that doesn't work?
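To check the question above offline, here is an added example (not code from django-pattern-library or from Django itself) that models the precedence Django's `XFrameOptionsMiddleware` applies: a header the view has already set is kept, a view marked exempt gets no header, and otherwise the `X_FRAME_OPTIONS` setting is written (default `'DENY'` from Django 3.0, `'SAMEORIGIN'` before). The `Response`, `render_pattern_view` and `plain_view` names are stand-ins constructed for this example; `render_pattern_view` mimics a view that sets the header itself, as the thread says `RenderPatternView` does for GET.

```python
# Added example: a small model of the X-Frame-Options precedence in
# Django's XFrameOptionsMiddleware. It is not Django's or the project's
# code and needs no Django install; the classes and views are constructed.

DENY = "DENY"
SAMEORIGIN = "SAMEORIGIN"


class Response:
    """Constructed stand-in for django.http.HttpResponse."""

    def __init__(self):
        self.headers = {}
        # Set by Django's @xframe_options_exempt decorator on the real response.
        self.xframe_options_exempt = False


def x_frame_options_middleware(response, setting=DENY):
    """Apply the header the way Django's middleware does.

    `setting` plays the role of settings.X_FRAME_OPTIONS; Django 3.0+
    defaults it to 'DENY', Django 2.2 and earlier to 'SAMEORIGIN'.
    """
    # 1. A view that already set the header keeps its own value.
    if response.headers.get("X-Frame-Options") is not None:
        return response
    # 2. Views decorated with @xframe_options_exempt get no header at all.
    if response.xframe_options_exempt:
        return response
    # 3. Everything else receives the project-wide setting.
    response.headers["X-Frame-Options"] = setting.upper()
    return response


def render_pattern_view(allow_same_origin_frames=True):
    """Constructed stand-in for a view that sets the header per response
    (the behaviour the thread attributes to RenderPatternView on GET)."""
    response = Response()
    if allow_same_origin_frames:
        response.headers["X-Frame-Options"] = SAMEORIGIN
    return response


def plain_view():
    """Constructed stand-in for any other view that leaves the decision
    to the middleware."""
    return Response()


def header_for(view_response, setting=DENY):
    """Header the browser would finally see for a given view response."""
    return x_frame_options_middleware(view_response, setting).headers.get(
        "X-Frame-Options"
    )


if __name__ == "__main__":
    # Pattern-library view under the Django 3.0 default: its SAMEORIGIN survives.
    print(header_for(render_pattern_view()))
    # Every other view in the project still gets the stricter global default.
    print(header_for(plain_view()))
    # Only a project-wide X_FRAME_OPTIONS override changes the plain view.
    print(header_for(plain_view(), setting=SAMEORIGIN))
```

The model shows why a per-response header makes the global setting irrelevant for that one view: the middleware only fills in `X_FRAME_OPTIONS` when the view has not spoken, so relaxing the project-wide value to `'SAMEORIGIN'` only widens framing for views that never set the header themselves.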


allcaps commented Sep 27, 2020

I can't reproduce my setup. DPL works fine. My bad.

@allcaps allcaps closed this Sep 27, 2020
@allcaps allcaps deleted the config-x-frame-options branch September 27, 2020 20:02
@bcdickinson

Hi @allcaps - I think I've just run into this myself... does #129 sound like it might have been what was happening to you?
