feat: add support for setting Access-Control headers

[justlevine]

What

This PR adds support for customizing the Access Control headers from the settings.

• It allows setting the Access-Control-Allow-Origin to multiple authorized domains.
• It allows blocking unauthorized origins from running altogether.
• It allows exposing custom headers (but not populating them).

Why

Make it easier to handle CORS issues.

How

Testing Instructions

Additional Info

Checklist:

• [x] My code is tested to the best of my abilities.
• [x] My code follows the WordPress Coding Standards.
• [x] My code has proper inline documentation.
• [x] I have added unit tests to verify the code works as intended.
• [ ] I included the relevant changes in CHANGELOG.md

[coveralls]

Coverage: 60.467% (+0.8%) from 59.677% when pulling ba18b927e72810701072892ac78bfc3a57274d36 on justlevine:feat/access-control-settings into 9b3fdbcb464bff0492df7b38d43958972e77177d on AxeWP:develop.