Forced response cache revalidation on logged-in responses

- Prevents authenticated responses being visible when back button
  pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony which
  would have prevents proxy cache issues but this adds no-store and a
  max-age option to also invalidate all caching.

Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/

app/Http/Middleware/PreventAuthenticatedResponseCaching.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace BookStack\Http\Middleware;
+
+use Closure;
+use Symfony\Component\HttpFoundation\Response;
+
+class PreventAuthenticatedResponseCaching
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        /** @var Response $response */
+        $response = $next($request);
+
+        if (signedInUser()) {
+            $response->headers->set('Cache-Control', 'max-age=0, no-store, private');
+            $response->headers->set('Pragma', 'no-cache');
+            $response->headers->set('Expires', 'Sun, 12 Jul 2015 19:01:00 GMT');
+        }
+
+        return $response;
+    }
+}