Mojira Archive
WEB-867

Mojira Referer / Referrer policy should be changed

The bug

The current referer / referrer policy of Mojira is no-referrer-when-downgrade. This means the referrer containing the URL of the site you came from can be sent to third party sites.

This is critical if you are currently viewing a private report, comment or other private part of Mojira. For example, if you are the reporter of an issue about an exploit and click a link to google.com in the issue, then Google can assume (unless you are messing with referrers) that you somehow have access to that issue. And if the issue is then later mentioned in a change log, this knowledge that you can access the issue is even more important.
This was just an example with Google; while I am not sure whether Google really uses this information, I hope you get the point, because some websites are using it for sure.

How to reproduce (general)

  1. Make sure you have no add-ons installed which might remove the referrer
  2. Open the developer tools
  3. Open the network log
  4. After reading the following steps left-click the link https://en.wikipedia.org/wiki/HTTP_referer
  5. Click on the entry for the Wikipedia article
  6. Look at the headers and search the request headers for the field "referer"
    → The referrer contains the URL of this report, which means Wikipedia now knows that this issue likely exists and that you have access to it

How to reproduce (Chrome)

  1. Make sure you have no add-ons installed which might remove the referrer
  2. Open the developer tools, this can be done by pressing F12
  3. Open the network log tab called "Network"
  4. After reading the following steps left-click the link https://en.wikipedia.org/wiki/HTTP_referer
  5. Click on the entry for the Wikipedia article, which will be named "HTTP_referer"
  6. Look in the "Headers" tab and search the request headers for the field "referer"
    → The referrer contains the URL of this report, which means Wikipedia now knows that this issue likely exists and that you have access to it
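As an added illustration (not part of the original report), here is a small Python model of what a browser places in the Referer header for a click from a page under each Referrer-Policy value; the issue URL and destination are constructed placeholders. It shows why no-referrer-when-downgrade sends the full issue URL to a third-party HTTPS site, while same-origin or strict-origin-when-cross-origin (the usual fixes) send nothing or only the origin.

```python
from urllib.parse import urlsplit

# Constructed placeholders: not a real Mojira issue, not a real destination.
ISSUE_URL = "https://mojira.example/browse/EXAMPLE-1234?focusedCommentId=99"
THIRD_PARTY = "https://en.wikipedia.org/wiki/HTTP_referer"


def referer_for(policy, source, destination):
    """Return the Referer value sent when navigating from `source` to
    `destination` under `policy`, or None when no header is sent.
    Simplification: a 'downgrade' is modelled as https -> non-https, and
    the source URL is assumed to carry no userinfo (the fragment is dropped,
    as browsers do)."""
    src, dst = urlsplit(source), urlsplit(destination)
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    downgrade = src.scheme == "https" and dst.scheme != "https"
    full = src._replace(fragment="").geturl()      # path + query survive
    origin = f"{src.scheme}://{src.netloc}/"        # scheme + host only
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":      # Mojira's current setting
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    if policy == "unsafe-url":
        return full
    raise ValueError(f"unknown policy: {policy}")


def leaks_issue_path(policy, source, destination):
    """True if the destination site would learn the page path (the issue key)."""
    ref = referer_for(policy, source, destination)
    return ref is not None and urlsplit(source).path in ref


def report(source, destination):
    """Map each policy to the Referer the third party would receive."""
    policies = ["no-referrer", "no-referrer-when-downgrade", "same-origin",
                "origin", "strict-origin", "origin-when-cross-origin",
                "strict-origin-when-cross-origin", "unsafe-url"]
    return {p: referer_for(p, source, destination) for p in policies}
```

Running `report(ISSUE_URL, THIRD_PARTY)` lists, per policy, exactly what the Wikipedia request in the steps above would carry; only the two "full" entries expose the issue key.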

Awaiting Response

Marcono1234

2017-09-02, 05:37 PM

2022-12-06, 05:03 PM

2022-12-06, 05:03 PM

referrer, url, website