Change options_for from class method to instance method

[rupurt]

Based on the thread from #146

This will help with:

• Allowing a controller to use instance data e.g. current_user
• Allowing a controller instance to override the default keys set in ::SecureHeaders::Configuration.configure

[oreoshake]

Can you add a test? e.g. https://github.com/twitter/secureheaders/blob/master/fixtures/rails_4_1_8/spec/controllers/things_controller_spec.rb

[rupurt]

Because I moved the method from public to private I was thinking the existing test coverage would suffice. If that doesn't work what kind of a test would you like to see?

[oreoshake]

In one of the fixture apps, override the default behavior for a single action that would alter the policy and verify the value on the way out. It will at least show that per-action results are possible.

e.g. add an action to https://github.com/twitter/secureheaders/blob/master/fixtures/rails_4_1_8/app/controllers/things_controller.rb, override options_for or whatever with something like return something if params[:action] == :my_new_action, check the policy in https://github.com/twitter/secureheaders/blob/master/fixtures/rails_4_1_8/spec/controllers/things_controller_spec.rb

[oreoshake]

btw, I submitted an alternative: #148

I do plan on shipping both options. I like #148 because it keeps all of the related code in the config file. That handles the case where the logic isn't too complex. I still like this approach for more complicated scenarios.