Problem: offers api is not protected from unauthorized users and any cross origin calls

[mariha]

A follow up:

I disabled CORS and removed permission checks so these things have to be considered and tested to see what the implications are.

Originally posted by @chagai95 in https://github.com/OpenHospitalityNetwork/fedi-trustroots/pull/80

[mariha]

I moved the change to federation branch. It's not in master currently.