nginx.sample.conf: www redirection, security regex

according to the latest wiki info:
http://wiki.nginx.org/Pitfalls#Taxing_Rewrites
`return 301` is preferred over a rewrite.

also, the 'security' regex breaks some official extensions because it
will match and deny access to `/ext/phpbb`.
looking through the names of dirs and files containing `phpbb`, it
looks like the intent of the regex was to only disallow the folder
`phpbb` in the root dir and not other `/phpbb` matches.
a negative lookbehind was added to specifically not match `/ext/phpbb`
but still match other occurrences of `/phpbb`.

i've attached the config with the proposed changes.