mastodon: Fix 422-"Security verification failed"-errors
Mastodon was throwing "Security verification failed. Are you blocking cookies?"-errors with an HTTP status 422[1]. This was caused by the recent change of the docker-compose template in this role.[2]

The result was the mentioned 422 HTTP errors during POST requests, for example an admin action or even a simple logout.

The cause for those 422 statuses was the addition of the `no-referrer` instruction in the `referrer`-policy. In Firefox, setting the policy like this does not only, as the policy requires, omit the `Referer`-Header but also sets the `Origin`-Header to `null`.

To put it nicely: Mastodon hates that.[3] It simply results in a 422 since ruby doesn't seem to want to handle such a request,[4] as it was pointed out in a related issue.[5]

Therefore this patch changes the policy from `no-referrer` to `same-origin`.

[1]: https://tools.ietf.org/html/rfc4918#section-11.2
[2]: cbfef883
[3]: https://github.com/tootsuite/mastodon/issues/7738
[4]: https://github.com/rails/rails/issues/28299#issuecomment-335264502
[5]: https://github.com/tootsuite/mastodon/issues/6366#issuecomment-360803408
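
A simplified model of the server-side Origin check behind the 422 described above, as an added example (not code from this commit, Mastodon or Rails). The function name `check_request_origin`, the hostnames and the sample requests are constructed for illustration.

```ruby
# Simplified model of an Origin-header CSRF check for state-changing requests.
# Assumption: it mirrors the behaviour described in the linked Rails issue;
# it is not Rails' own implementation.

# The origin the server believes it is served from.
def base_url(scheme, host)
  "#{scheme}://#{host}"
end

# Returns [http_status, reason] for one request.
def check_request_origin(method:, scheme:, host:, origin:)
  # Read-only methods are not subject to the check.
  return [200, "safe method, Origin not checked"] if %w[GET HEAD].include?(method)
  # No Origin header at all: only the CSRF token decides.
  return [200, "no Origin header, token check decides"] if origin.nil?
  # The opaque origin sent under `no-referrer` never matches a real origin.
  return [422, "Origin is the opaque value null"] if origin == "null"
  return [422, "Origin does not match base URL"] unless origin == base_url(scheme, host)
  [200, "Origin matches base URL"]
end

# Constructed sample requests; mastodon.example is a placeholder host.
SAMPLES = [
  { name: "logout, Origin sent normally", method: "POST", origin: "https://mastodon.example" },
  { name: "logout, Origin: null",         method: "POST", origin: "null" },
  { name: "POST without Origin header",   method: "POST", origin: nil },
  { name: "cross-site POST",              method: "POST", origin: "https://other.example" },
  { name: "GET with Origin: null",        method: "GET",  origin: "null" }
].freeze

# Runs every sample against the check and returns [name, status] pairs.
def run_samples
  SAMPLES.map do |s|
    status, = check_request_origin(method: s[:method], scheme: "https",
                                   host: "mastodon.example", origin: s[:origin])
    [s[:name], status]
  end
end

run_samples.each { |name, status| puts format("%-30s -> %d", name, status) }
```

The second sample is the case this commit addresses: the request is same-site and carries a valid session, but the literal `null` origin cannot equal the server's base URL, so every POST is rejected.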